PCI Compliant Hosting

PCI compliant hosting is one of the key aspects you need to consider when you plan to host some of your customers' credit card data at a hosting provider's site. Some of the key aspects you should look for from a PCI DSS compliance perspective are (to qualify…

How to achieve PCI DSS Compliance

PCI compliance is an ongoing process for any organization. If not managed well, today's compliance status would change to non-compliance tomorrow. Even though PCI has given a list of requirements, their implementation is the key to a successful PCI compliance status. There is no one-stop solution…

PCI DSS File Integrity Monitoring

File-integrity monitoring or change-detection systems check for changes to critical files, and notify when such changes are noted. For file-integrity monitoring purposes, an entity usually monitors files that don't regularly change, but which, when changed, indicate a possible compromise. Critical files (which rarely change) of a system include…

List of Disk wipe software

People and organizations dispose of their computers, including the hard drives, when they are no longer needed or are considered obsolete. Media such as hard drives, USB sticks, etc. may contain confidential information vital to you or your organization when disposed of. Deleting files or formatting the drive may not…

Dual Control or Segregation of Duties?

Many information security professionals, even in senior-level roles, are still getting internal control mechanisms such as Dual Control and Segregation of Duties wrong. I often see that they are confused between the concepts of Dual Control and Segregation of Duties. Both these controls are applied to prevent…

Importance of Database Activity Monitoring

Database Activity Monitoring is a key process in the data protection suite of activities. Databases being the key place for data storage, database activity monitoring and additional services such as database firewall, vulnerability virtual patching, etc. are key in the process of data protection. The importance of this protection becomes…

Database Activity Monitoring

Who has unlimited access to your data? None other than the database administrators. We do trust them, don't we? Yep, what else can we do? There are two things we need to consider: (1) What if the DBA turns malicious? (2) What if a good DBA's account is compromised? The…

File integrity requirement of the PCI DSS

I always wondered about the file integrity monitoring requirement of the PCI DSS standard. What is the purpose of this requirement? Is it a control or a compensating control? Isn't it something similar to the much-debated "code review or web application firewall" subject? To understand more about this control,…

PCI DSS guideline on Wireless Network

The PCI Council published the guideline prepared by the PCI SSC Wireless Special Interest Group (SIG) Implementation Team, named PCI DSS Wireless Guideline (Information Supplement), to address wireless security in the cardholder data environment (CDE): https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf

This guideline has come out 4 years after the security incident (TJ…