April 11, 2013
A question came up about a PCI audit that was performed for one of our customers. They just finished their PCI audit and passed. I am now working with them on a new software application and there is a vulnerability …
Virtual artifacts run the gamut from computer generated artwork, photographs of family, and other critical files denoting and cataloging our (virtual) lives. However, they also include forgotten or discarded files that were never deleted (of course the true digital archaeologist knows how to dig even deeper to get files not securely deleted). As such, virtual artifacts provide keen insight into a system and the system’s owner. Including such files that we probably would have preferred never to see the light of day again.
The PCI-Council is working with SANS for a set of courses that PA-DSS vendors can use. These courses include fundamental courses for developers and security staff as well as development language specific courses. There are also courses for senior level developers, tester and managers.
For those that aren’t keeping track, June 30, 2012 is a day to mark on your calendar. Not because of any special anniversaries or birthdays (although if yours does fall on that day then Congratulations!). June 30 is the day that we can add one more validation point to our compliance lists from the PCI Data Security Standard.
Social media has both helped and hurt organizations and healthcare is certainly no exclusion. Many entities are getting on, or have been on for some time, the social media band wagon. This can lead to some fairly significant issues for organizations, especially healthcare. So how does an entity prevent these breaches?
While getting compliant and passing your yearly Report on Compliance audit or filling out a Self Assessment Questionnaire is important to your organization and your customers (and a requirement for merchants and service providers), the PCI Data Security Standard (DSS) is intended to be the foundation of an ongoing program, ensuring you follow best practices throughout the year.
Copyright ©2012 NetSPI Inc. All rights reserved