Category Archives: Compliance and Laws
Security in the Dark
December 6, 2011 – 6:00 am
I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three hours, say) are often not conveyed to…
SEC-urity’s Catch 22
November 7, 2011 – 6:00 am
On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. It provides the DCF’s “views…
The FFIEC and Password-Generating Tokens
August 29, 2011 – 6:00 am
In June 2011, the FFIEC (Federal Financial Institutions Examination Council) issued a “Supplement to Authentication in an Internet Banking Environment,” available at http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf. The FFIEC comprises five financial regulatory…
How to Define “Connected Systems” to the PCI Cardholder Data Environment (CDE)
December 6, 2010 – 6:00 am
While the Payment Card Industry (PCI) Data Security Standard (DSS) arguably does a better job than most standards in defining scope, there is one part of the DSS that needs to be clarified. The DSS determines scope in terms of “system components,” which it defines as follows. The PCI…
Net-Witness of the Persecution
March 9, 2010 – 6:00 am
There is an interesting article in the February 18, 2010 Wall Street Journal by Siobhan Gorman, with the title “Hackers Attack 2,411 Firms: Global Offensive Snagged Corporate, Personal Data; Operation Is Still Running.” It describes how staff of the security services firm, NetWitness,…
