When it comes to protected information security under PCI DSS, consistent purview over log data is the guidance. But it’s known that this objective is not as easy as it sounds. Organizations managing PCI data are supposed to review log data and periodically schedule an assessment to be completed by an outside party. However with today’s economy, and so much being asked of IT staff, I wonder if periodic review of sensitive data risk controls to comply with PCI DSS is adequate.
 

Continue Reading >>>

Participating and reviewing smart meter / smart grid programs have allowed us to evangelize the need for utilities to established a continuous near real-time enterprise-wide platform. The economics of today is forcing executives to overcome the regulatory issues and utilities standards of upgrading the current grid to resolve:

Continue reading >>>

Organizations must track and monitor all access to cardholder data and related network resources – in stores, regional offices, headquarters, and other remote access.

Yes, it is well documented that the three (3) tenets for adhering to PCI DSS 2.0 are as follows:

Assess - Identifying cardholder data, taking an inventory of your IT assets and business processes for payment card processing, and analyzing them for vulnerabilities that could expose cardholder data. Remediate - Fixing vulnerabilities and not storing cardholder data unless you need it. Report - Compiling and submitting required remediation validation records (if applicable), and submitting compliance reports to the acquiring bank and card.

Continue reading >>>