Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night


Featured Blog

Why Comply With PCI?

There were 26.2 billion credit card transactions, 47.0 billion debit card transactions, and 9.2 billion prepaid card transactions that occurred in the U.S. in 2012. 1 That totals 82.4 billion transactions required to fall under PCI DSS Compliance and this number is only predicted to rise each year. Any business that stores, processes, or transmits any of this cardholder data is required to comply with PCI DSS (Payment Card Industry Data Security Standard). The PAN (Primary Account Number) on…

Downtime – It’s Not Always Enjoyable

Downtime – It can be both a good and a bad thing. This, of course, depends greatly upon the context in which the word is being used. For example, having a little downtime while lounging on a sunny beach in Hawaii, sipping Pina Coladas and listening to classic rock is a much different scenario than having infrastructure downtime caused by a catastrophic change in Active Directory. In one case, the worst possible result may be a little case of sunburn and the realization that y…

Do You Know Where Your “Privileged” Credentials Are?

Three months after the massive Target attack that resulted in 110 million consumers’ credit card and personal data being stolen, we are finding out that company size is irrelevant in the data breach conversation, as consumer confidence, market presence, and brand recognition are absolutely critical to an organization’s bottom line – profitability. Since customer confidence, market presence, and brand awareness are all critical elements of profitability, we must ask ourselves – What protections…

Stolen Devices: The Latest Epidemic in Healthcare

Technology innovations within the healthcare industry have risen exponentially in the last decade – consequently, so have data breaches and theft. In 2013 alone, millions of patients’ protected health information (PHI) was compromised, costing healthcare organizations billions of dollars. Some of this information even dated back decades, affecting individuals no longer affiliated with the compromised organizations. The U.S. Department of Health & Human Services (HHS) “must p…

Even a Dead Business’ Data can be a Live Wire

There is little excuse when an employee is granted access to data inappropriately. It’s even worse when that access is granted across lines of business without apparent reason. Worse still is when access to sensitive personally identifiable information (PII) and financial data is treated in that sloppy manner. If you also chuck in the fact that the business that gathered this sensitive data had been out of business for years, then you understand why the Barclays breach has got so many people …

The OWASP Top 10: Then and Now

Adam Laub
The OWASP Top 10 list publicizes the most critical web application security flaws as determined by the Open Web Application Security Project (OWASP), a nonprofit, vendor-independent IT security organization formed in 2001. In this article, we review the 2013 edition of this popular security resource.

The OWASP Top 10 Is Revised Every Three Years

OWASP aims to update the Top 10 once every three years as IT security threats evolve over time, and the OWASP Top 10 for 2013 will be released in May 2…

What is NERC CIP Compliance?

The North American Electric Reliability Corporation (NERC) develops and enforces CIP (Critical Infrastructure Protection) Reliability Standards corresponding to the Bulk Power System (BPS). Users, owners, and operators of the BPS under NERC jurisdiction serve more than 334 million people in the US, Canada, and northern Baja California, Mexico with their electricity. The NERC Security Guideline for the Electricity Sector addresses risks that can arise in the daily business of electricity orga…

“I’ll Just Copy & Paste That into Excel so I can Work on it at Home…”

A year after the actual laptop filled with 620,000 people’s personally identifiable information (PII) and personal health information (PHI) was stolen from Medicentres Family Care Clinics, Danielle Smith of the Wildrose Party in Alberta, Canada asks: “Why did all of this information exist in a single file on a computer in the first place?” I’m sure it was the same old reasons. Most of the time it’s about a worker who is high on work ethic, but low on security awareness, trying to do what they s…

“Doctor, Help Fix My Cold and My Identity?”

Four years (yes, you read that correctly, four years) later, approximately one thousand patients of Riverside Health System of Virginia were notified they were victims of a privacy breach. The fact that a healthcare provider was breached seems to be a common headline in the news these days. Personally, what makes this breach even more interesting is the fact that it was discovered after a random audit. Riverside Health System spokesperson Peter Glagola said in a statement, “We have a robust com…

StealthINTERCEPT – “SIEM”-ply the Best

It’s not every day you can take two things that are independently great and combine them to create something truly extraordinary. Although examples of this momentous event throughout history range from a simple cellphone being given the power of a small computer to the monumental revelation of combining a nacho cheese Dorito chip with a hard-shell taco, we have been shown that this is a rarity, with only a few exceptions being able to achieve the accomplishment. And now, STEALTHbits proudly jo…


© 2022 Stealthbits Technologies, Inc.
