Recent events have caused people all over the information security community to question the efficacy of the PCI-DSS. The Target breach has become a lightning rod for debate as to how well the PCI-DSS protects organizations.
Posted in Opinion, PCI
Today, FireEye, a maker of advanced security tools announced it has acquired Mandiant, the renowned incident response company. So what does this spectacular combination mean for the industry?
It means this industry is awesome and just keeps getting more awesome.
It is that reflective time of year when every security blog publishes their top ten list of new technologies, great ideas, or other attempts at profound prophecy. Not wanting to seem left out of the running, Anitian has a list of ten things that we should stop doing in 2014.
Posted in Industry Analysis, Politics, Psychology of Security, Security Management
Last week Dragos Ruiu described a new kind of malware that can spread without network connectivity. Named badBIOS, this malware supposedly uses ultrasonic communications through speakers to communicate with other hosts. This raised a lot of eyebrows, even among us jaded consultants at Anitian.
So, is badBIOS for real? Maybe not, but the origin of badBIOS could be very real.
“I told you this would happen!” The board room goes silent as the executive team contemplates the events unfolding before them. There has been a serious data breach and the situation is escalating. Everybody is tense. The security team’s warnings about server vulnerabilities were ignored…why?
The middle of a serious security breach is not the time to discover that management ignores you. Unfortunately, it is often a serious incident that uncovers this problem (as well as precipitating it). The question then arises: how do you get management to listen to security teams when all they seem to care about is budgets, strategic initiatives, and meetings? The answer to this challenge lies in understanding why people pay attention to anything.