Cyber Security News
Read the latest articles and posts.
Lessons Learned from the Equifax Breach
Patch management cannot be viewed as a low-level security to-do on a checklist. It serves a critical purpose for information security teams along with the organizations and end-users’ data they are responsible for protecting. Without patch management, software and...
Is the Board Questioning Vulnerability Management?
The answer is yes. Who is to blame? The finger should not be pointed at the CISO. Rather, it is a confluence of factors, not least of which is the influx of vulnerabilities in this shifting cyber risk landscape. It has created a domino effect on technology tools,...
NotPetya – What to Do About it and Future Ransomware
NotPetya is just the latest of several significant ransomware incidents in the past two months. NotPetya has impacted countries and industries around the world with particular emphasis on Ukraine. Sharing the name with the original “Petya” attack, this variant spread...
Meet New York Cybersecurity Requirements with NIST Framework
The New York State Cybersecurity Requirements (23 NYCRR 500) for financial services companies went into effect on March 6, 2017. The 43 requirements in this regulation may seem daunting, especially considering the numerous other state and federal cybersecurity...
Five Easy Steps Toward Meeting the New York State Cybersecurity Requirements
Frederick W. Scholl. The New York State Cybersecurity Requirements (23 NYCRR 500) for financial services companies went into effect on March 6, 2017. The 43 requirements in this regulation may seem daunting, especially considering the numerous other state and federal...
Banking on Cybersecurity: How Financial Institutions Can Protect Their Assets
Introduction: Financial institutions are under attack by all manner of cyber thieves. And why not? As Willie Sutton said when asked why he robbed banks: “because that’s where the money is.” More important today is the fact that only about 10% of the world’s population...
PCI Compliance: Vulnerability Scans & Penetration Tests
This is the final of a six-part blog series about PCI compliance.
PCI Compliance: How to Develop a Remediation Plan
By Jane Laroussi, CISSP, QSA. This is the fifth of a six-part blog series about PCI compliance. In recent weeks, we reviewed and explained PCI validation and reporting requirements, and we discussed the value of a readiness assessment before an official...
PCI Compliance: Readiness Assessment
By Jane Laroussi, CISSP, QSA. This is the fourth of a six-part blog series about PCI compliance. Thus far in this series, we’ve set the stage for achieving PCI compliance. In Part 1, we listed and defined PCI-relevant terms; in Part 2, we discussed how to...
PCI Compliance: How to Complete Reporting Requirements
This is the third of a six-part blog series about PCI compliance. Last week, we discussed how to determine and minimize the scope of PCI compliance. This week, we’ll review and explain PCI validation and reporting requirements. And, you can always refer to part one of...