Caught between PCI-DSS compliance mandates and a shrinking budget?
Use our quick contact form above and we'll show you how to become PCI-DSS compliant on a seriously tight budget!
Still looking for more conventional answers? Here are some possible resources for PCI-DSS...
http://www.techworld.com/security/pci.cfm 23 March 2007 SSID cloaking - more or less secure By Joshua Wright Aruba Networks Some people think their Wi-Fi networks are more secure if they don't broadcast the SSID. It's not that simple. Read more... Make your WLAN roam faster...
http://www.techworld.com/security/pci.cfm#Insight of Knowledge Worker Productivity On the face of it social software seems an unlikely example of enterprise collaboration. Aren't social networks a fad? What does sharing photos or connecting with college buddies have to do with getting work done? The Data...
http://www.cio.co.uk/whitepapers/5860/pci-dss-compliance/ Business - Technology - Leadership Oracle Using Social Enterprise Applications to Enable the Next Wave of Knowledge Worker Productivity Social networks such as Facebook and MySpace might seem at first to be more about play than about work but it is...
http://riskmanagementinsight.com/riskanalysis/ the extraneous so that you can have laser-beam focus on the systems that house the sensitive data itself. That's segmenting networks part of PCI DSS controls that identify and remove or prevent critical data from appearing on undesirable systems like laptops...
http://www.tssci-security.com/archives/2009/02/12/post-to-webappsec-mailing-list application security server virtualization and the evolutions its bringing with it e.g VNET and VMsafe are going to dominate traditional networks and cut their existing budgets. Unfortunately for application security the new virtualization evolution also brings with it tons of object...
http://www.thecoverofnight.com/blog/ interview process into account the operational capability of this intelligence gathering technique is only compounded by the fact that social networks and other web technology such as blogs reveal even more information about the person. The adversary can take this information from the social networks and web and craft the right questions to ask. This information can also be used to craft good icebreaker topics...
http://trustseals.wordpress.com/2009/02/10/pci-compliance-explained/ about the requirements. Requirement number one is having network diagrams. It's amazing today how many companies don't know what their networks look like. One of the first requirements is sitting down and documenting and understanding what your network is all about...
http://pcianswers.com/2008/10/01/pci-dss-version-12-differences-and-updates/ 4.1.1 - Removes discussion of WEP vs WPA and simply states that cardholder data must be security encrypted over wireless networks and to implement strong encryption for authentication and transmission. This is the first reference to authentication implying that not only...
http://www.zendzign.com/ fax. This would fall under the Payment Card Industry standard section 4 that requires transmission of cardholder data across open-public networks to be encrypted and section 12 for contracts that require partners or service providers who handle card data for your...
http://blog.paymentsecuritypros.com/ it. It's up to us to secure these systems and in this case get P2P file sharing programs off our networks. lolcats and PCI February 26th 2009 by Michael Dahn Posted in PCI DSS...
http://www.mckeay.net/2008/11/02/pci-compliance-in-the-cloud-get-it-in-writing/ instances on a box to ensure cross-zone contamination is not occurring. I'm not directly involved in the securing and examining of networks for PCI compliance but are there opportunities in the audit process where the analyst would know whether an in-scope server...
http://mediaphyter.wordpress.com/2008/02/01/security-twits/ If you're new to Twitter read this blog post on the must-haves for newbies. Send this list to your own security networks and recruit more Security Twits. Comment below if you have any corrections or additions. This blog post will serve as...
http://rss.tradepub.com/?br=hackerscenter&feed=information_technology_security The most robust security systems available today are built on a dedicated purpose-built security platform. Protecting business networks and data demands a smart in-depth security strategy with layers of network-aware security services. Firewalls Intrusion Prevention Systems IPSs and... This white paper outlines how an endpoint intrusion prevention and scan-on-connect solution can secure mobile and remote machines and corporate networks from today's most sophisticated and blended threats.
http://www.deb.radcliff.com/ between the client browser and the service side application. Apr. 2007 When World of Warcraft spreads to your world How enterprise networks can take collateral damage Apr 2007 Hear Deb Radcliff at IT Conversations. Virtual booty has become more important to some online...
http://blog.imperva.com/ and some of the gaps that exist. Finally Joe shares some very interesting stories around cyber attacks on control system networks. By Brian Contos March 9 2009 1:33 PM
http://maltainfosec.org/ Improper Use of the SSN 8. Unsanitized Hard Drives Solutions College administrators should consider the following - Regularly scan institutional networks for sensitive information such as social security numbers grades and financial information. Use a combination of public search engines and...
http://internet-b52.net but that doesn't necessarily mean they are all at the network edge. The clients can be on a variety of networks and in various locations around the world. A word of warning In a large and heterogeneous environment the client layer... connection is made and that packets are delivered. This alone makes standard syslog prone to quiet delivery failures on large networks especially where network paths involve multiple router hops or tunneling. UDP may also be blocked at a router or firewall...
http://risktical.com 1000. For reputation I am assuming that loss event knowledge would be contained to the consumer and maybe their social networks. For response I am assuming lost INI internal productivity and maybe some hard dollars to provide the consumer credit monitoring...
http://www.cr80news.com/2009/01/14/pci-on-campus security requirements for payment card data College and university campuses need to be aware that different portions of their computer networks may need to be secured because of requirements from the payment card industry. Payment Card Industry Data Security Standards PCI...
http://newsteam.scmagazineblogs.com/2009/01/23/is-pci-working-maybe-maybe-not/ this week are surmising that the cybercrooks took advantage of a vector that PCI doesn't address Data traversing over private networks. In the case of Heartland it appears the vandals were able to insert data-sniffing trojans on unencrypted private lines which...
http://beastorbuddha.com/2009/01/27/okay-ill-add-my-2-cents-to-the-heartland-bre that often generate config checking involve 1.2 Examine firewall and router configurations to verify that connections are restricted between untrusted networks and system components in the cardholder data environment as follows 2.2.3.c For a sample of system components verify that common...
http://www.secureconsulting.net/2009/02/pci_dss_v12_in_a_nutshell.html and description of security measures taken. In general all untrusted network connections must be firewalled including to the Internet partner networks and wireless environments. Rules must be narrowly focused limiting both ingress and egress traffic. Access controls into the cardholder environment... keys. Key custodians must sign a custodian agreement. Requirement Requirement 4 Encrypt transmission of cardholder data across open public networks Summary Cardholder data must be protected with strong encryption when transmitted across public networks e.g. Internet wireless GSM GPRS. Industry best practices for wireless networks must be applied. An unencrypted PAN must never be... IM chat. Action Items 1. Strong cryptographic controls must be used to protect the transmission of cardholder over
http://blog.eiqnetworks.com/2009/02/03/byline-on-rsi-pci-is-not-enough/ eIQviews Perspectives on Security and Compliance Management from eIQnetworks Byline on RSI PCI is not enough February 3 2009 Ah the Heartland breach continues to generate opportunities for us to get on...
http://www.qualys.com/solutions/pci_compliance/ the underlying data security standard compliance requirements are set independently by individual payment card brands. While requirements vary between card networks MasterCard's Site Data Protection Plan and Visa's Cardholder Information Security Program are representative. They stipulate separate compliance validation requirements for... requirements and enforcement measures are subject to change merchants and service providers should closely monitor the requirements of all card networks in which they participate. At first exposure PCI compliance and validation requirements can appear daunting particularly the external scan requirement. Merchants...
http://www.pciknowledgebase.com/index.php?option=com_banners&task=click&bid=17 to MerchantWARE from Merchant Warehouse your payment processing system can meet and surpass virtually all PCI guidelines related to data networks and security. As with most great technology solutions the best are often the most simple. MerchantWARE leverages the new MagSafe...
http://www.pciknowledgebase.com/index.php?option=com_banners&task=click&bid=5 Achieve PCI compliance for your wireless networks using AirTight Networks wireless security and audit solution.
http://www.pciassessment.org/12-pci-dss-requirements.php a secure network protect cardholder data maintain a vulnerability management program implement strong access control measures regularly monitor and test networks maintain an information security policy NDB Advisory Home Contact News Does your business process store or transmit consumer transaction data...
http://www.imperva.com/pci security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open public networks 5 Use and regularly update anti-virus software 6 Develop and maintain secure systems and applications 7...