In many if not most enterprises, the chief information security officer reports to the chief information officer. After all, enterprises cannot function without IT, and security is a support function to safeguard data and systems. Or is it?
In the second full day of RSA 2014, ISMG's editors record exclusive video interviews with Troy Leach of the PCI Council, Adam Sedgewick of NIST and Gartner's Avivah Litan. What insights do these thought-leaders share?
Organizations in all sectors can improve their compliance with the PCI Data Security Standard by taking five critical steps, says Rodolphe Simonetti of Verizon Enterprise Solutions, which just issued a new PCI compliance report.
Security experts disagree about whether the breach of a refrigeration vendor is ultimately to blame for the network attack that compromised Target. Here, they explain their views.
As Congressional leaders look for answers about why U.S. card security is failing, there hasn't been enough discussion surround why EMV can't easily fix our system. And the card brands have been conspicuously absent from the debate.
The PCI Security Standards Council has no plans to modify its standards for payment card data security in response to high-profile payment card breaches at Target and Neiman Marcus, says Bob Russo, the council's general manager.
Target Corp.'s revelation that personal information about up to 70 million customers was breached in a recent malware attack raises new questions about Target's security practices and risks to consumers.
Many business leaders lack a clear understanding of the value of identity and access management. CISO Christopher Paidhrin offers a scenario for how to make the case for an IAM investment.
Version 3.0 of the PCI Data Security Standard goes into effect Jan. 1, 2014. What steps should organizations be taking to prepare for implementation of the standard? Troy Leach and Bob Russo of the PCI Security Standards Council explain.
Chase says hackers compromised servers for the bank's UCard Center website for prepaid card accountholders, potentially exposing card numbers. The bank is not reissuing cards, but it's offering free credit monitoring.
New payment card security standards issued by the PCI Council include a number of improvements, plus some glaring omissions, such as requirements for mobile, security experts say. What are their chief concerns?
New requirements to mitigate payment card risks posed by third parties, such as cloud providers and payment processors, are a focal point of the PCI Security Standards Council's updated data security standard.
An insurer has dropped its lawsuit aimed at avoiding covering damages suffered in the Schnucks retail breach. But attorney Dan Mitchell says this case shows why more companies need cyber-insurance.
Our inaugural Fraud Summit on Oct. 22 at the Meadowlands in New Jersey will feature an impressive lineup of information security leaders offering timely insights about practical risk mitigation strategies.
Mitigating card risks associated with retail malware attacks and POS vulnerabilities is a focus of updates to the PCI Data Security Standard, say Bob Russo and Troy Leach of the PCI Security Standards Council.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.