Monthly NewsLetter
Issue: July 2011
About
Welcome to the monthly edition of our Compliance, Security and GRC Newsletter.  This is informational news comprising the latest on compliance related topics and other IT Security & Governance updates that impact our clients, friends and other interested parties.

The ControlCase GRC Solution

Please feel free to submit suggestions for topics or provide an article that you would like to share with other newsletter recipients for future editions, by contacting us at contact@controlcase.com.

In This Issue
PA DSS for Mobile Applications
Industry Insights
PCI in the Cloud
ControlCase adds Log and File Integrity Monitoring
Guidance on the use of Virtualization
Upcoming Events
Recently in the News...

PCI Council releases fact sheet to clarify PA-DSS validation process

The Payment Card Industry Security Standards Council (PCI SSC) has issued a statement to clarify how mobile applications can become eligible for Payment Application Data Security Standard (PA-DSS) validation. PA-DSS was introduced to provide a definitive data standard for software vendors that are intending to develop payment applications. It includes requirements such as protecting the primary account number [PAN] throughout the transaction and providing encryption over public networks. In the statement, the PCI Council provides a checklist of 13 questions which are designed to assist vendors in determining whether or not their application is eligible for review and listing by the Council as part of the PA-DSS program. Click here for the full article.

ControlCase takes the stage at leading industry events

ControlCase continues to remain at the forefront of developments around PCI and has recently sponsored high profile events where IT innovation in the fields of security and risk are the main topics of discussion. ControlCase was a key sponsor of Visa's International Security Summit series, 'The Dynamic Future of Business', which recently took place in Jakarta (24-26 June) and Dubai (14-16 June). At both sessions, the future of payment security dominated the agenda. ControlCase also sponsored Gartner's Security & Risk Management Summit, held in the Washington Metro area, 20-23 June. This event was a must-attend for CISOs as well as security, risk management and business continuity professionals. Hot topics under discussion included GRC, Cloud Computing, mobile applications and security and vulnerabilities. Click here to request copies of ControlCase conference materials.

PCI compliance in the Cloud by Kishor Vaswani, CEO of ControlCase

On 16 June, the PCI Council issued guidance on the use of virtualization in accordance with the Payment Card Industry Data Security Standard (PCI DSS). At the same time, ControlCase's CEO, Kishor Vaswani, has produced a white paper which addresses the issue of PCI compliance in a cloud environment. Kishor's document is not an official interpretation of the PCI Council's stance on cloud computing, but an overview which is intended to answer any client concerns and questions. It essentially examines some of the key differences that organizations should be aware of when attempting to attain PCI compliance in a cloud environment, covering specific requirements such as firewalls, configuration standards, access controls and user IDs, vulnerability management and policies and procedures. Click here to access the entire white paper.

ControlCase adds Log Management and File Integrity Monitoring to its GRC solution

ControlCase's GRC solution now supports log management, log analysis and file integrity monitoring. Regardless of size and resources, organizations now have the means to effectively and efficiently manage this critical aspect of their control environment. With the release of ControlCase Log Manager, the company continues to enhance its existing suite of GRC solutions which currently includes: Compliance Manager, Vendor Manager, Risk Manager, Policy Manager, Privacy Manager, Training Manager, Asset and Vulnerability Manager and Card Data Discovery.  Click here for more details.

PCI Council issues guidance on the use of virtualization

The PCI SSC has produced an information supplement to provide guidance on the use of virtualization in accordance with the PCI DSS. It is intended for merchants and service providers who use or are considering the use of virtualization technologies in their cardholder data environment (CDE). It will also be of use to assessors reviewing environments with virtualization as part of a PCI DSS assessment. While it provides many benefits, virtualization also introduces new and unique risks that must be considered carefully prior to deployment.  Click here for the full article.

Upcoming Events and Conferences 

ControlCase is sponsoring two upcoming PCI Security Standards Community (PCI SSC) events: Scottsdale, AZ on 20-22 September 2011 and London, United Kingdom on 17-19 October 2011. The first will be held at the Westin Kierland Resort & Spa, and the second is the third annual PCI SSC Community Meeting in Europe which will be hosted at the Lancaster London hotel. Click here for more details regarding the PCI SSC community meeting in Scottsdale, Arizona or here for the PCI SSC community meeting in London, UK.

Recently in the News....

The following articles highlight accomplishments, challenges and issues that affect our industry:

 

Analysis of passwords in Sony security breach 

A little over a week ago, Sony was hit yet again with another security breach. Over one million passwords that were stored in plain text were released into the wild. Software architect Troy Hunt took a closer look at the dataset and found just how predictable people's passwords are.

 

Only 5 Percent of CIOs Can Authorize IT Investments 

CFO influence in IT is growing as CFOs alone have authorized 26 percent of all IT investments, while CIOs alone have authorized only 5 percent of IT investments....

PCI SSC announces new participation opportunities

The PCI Security Standards Council announced it is building on the success of Special Interest Groups (SIGs) to date by introducing a new process and structure for contributing to PCI SSC initiatives through these groups.

Click here for additional articles.
Please let us know any suggestions you may have. Also, please feel free to forward this to other people who would find this newsletter useful.

Sincerely,

ControlCase Team