Tag Archives: pci-dss

Security breaches and identity theft are a growing concern for consumers as hackers continue to target large retailers. Target, Sally Beauty Supply, Neiman Marcus, Home Depot, Michaels, Dairy Queen and Kmart are among the retailers recently hacked. These incidents have resulted in stolen personal information such as phone numbers, addresses, emails, and credit card information. As a result of these breaches, affected consumers are more likely to fall victim to identity theft. The following is a summary of retailers that recently suffered a data breach. Reports suspect hackers were able to infiltrate…

Security researchers have identified a new piece of malware called Dexter that specifically targets Point of Sale (POS) systems such as cash registers and scanning stations to obtain credit card numbers. As of December 12, 2012, Dexter had infected systems in 40 different countries, with the majority of infected systems residing in North America and the United Kingdom. The malware infected machines a few months ago, just in time to steal data from many of the holiday shoppers. Dexter steals credit card data by recording downloaded files from the POS device and retrieving…

The use of SIEM, DLP, and IAM can significantly enhance the capabilities of information security departments. SIEM allows a company to make the access, transfer, and reception of data within the company more apparent and can further improve DLP initiatives in protecting and controlling data within the organization. Using SIEM, DLP, and IAM within an individual company streamlines the process of protecting vital information and makes the company more efficient.

DLP

Data Loss Prevention (DLP) is a technology that keeps an inventory of data on organizational devices, it tracks…

PCI applies to a wide range of corporations and companies that deal with credit card transactions, and it can be a useful tool for other organizations as well. The PCI specification was created by credit card companies such as Discover, American Express, Visa, and MasterCard to protect the individual from credit card fraud and identity theft by standardizing the security controls that protect credit card information. Similar to ISO standards, PCI is not a government regulation full of fines for non-compliance. Rather, the rule thrives under positive reinforcement…

Information security is often feared as an amorphous issue that only the IT department has to deal with. The reality is that companies need to be concerned with information security compliance from top to bottom. Regulations are in place that can help a company improve information security, while non-compliance can result in severe fines. It may be difficult for a company to understand which laws apply and which do not, because many different sets of laws can apply to one company and not another. Many major companies within…
