Isolating the Cardholder Data Environment with Network Segmentation

Isolating the Cardholder Data Environment with Network Segmentation

In a recent post, we discussed many of the challenges with attesting to PCI DSS compliance, including a description of some of the factors that are often overlooked when defining the cardholder data environment (CDE). See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on PCI DSS-related topics for more information. …

Read More

Security Buzzwords – What’s the difference?

Data breaches are on the rise and experts forecast that that trend will continue (Experian – Data Breach Industry Forecast). With increased news coverage, Information security is no longer confined to the IT department.  Business partners and C-Level executives are now asking questions and want to know if their company is prepared.  …

Read More

Cyber Attacks Part II – New Distribution Strategies by Hackers

Hackers are using a new channel of attack for penetrating networks.  A malware threat previously used in direct attacks against energy sector companies is now being aimed at organizations that use or develop industrial applications and machines.  This strategy introduces malware into systems that are then connected into target networks. In early 2014 attackers began distributing new versions...

Read More

Cyber Attacks Part I – When, not if

The smart grid offers convenience, but it also makes cyber attacks more likely. Smart grids rely on technology that has created millions of new access points for hackers to breach. In a world where credit card breaches are becoming commonplace it’s not ‘if’, but ‘when’ will they become a target of focus for Cyber vandals or state-sponsored hacking?…

Read More

Data Privacy in Insurance

Two months ago, if someone were to Google search for a subsidiary of one of the nation’s largest bond insurers, they could find information about its corporate structure, access annual reports, and read about their history. However, due to a simple misconfiguration of a database server one could also discover a wealth of private consumer account numbers, balances, and internal administrative...

Read More
Heartbleed bug exposes millions of online services to security risks

Heartbleed bug exposes millions of online services to security risks

This week, researchers from Codenomicon and Google Security publicly disclosed a critical bug in the OpenSSL cryptographic software package used by millions of internet connected services.  This weakness, referred to as the Heartbleed bug, allows anyone on the Internet to steal information from vulnerable systems by exploiting a protocol designed to ensure the security in network...

Read More

CFTC Issues New, but Familiar, Cyber-Security Guidelines

Recently the Commodities Futures Trading Commission published a set of guidance, outlining its expectations with regards to cyber-security programs.  In contrast to regulating bodies in other regulated industries and sectors, the CFTC tends to take a principles-based approach to regulation, which is reflected in the relative generality (some would say ambiguity) of the published...

Read More
Anti-Social Media

Anti-Social Media

The past week will likely go down in history as one where we saw the massive impact of social media in today’s world.  Most notably, following the horrible events in Boston, social media, especially Twitter, became a leading distributor of news information.  While a combination of bad reporting by the traditional news networks and tweets by ill-informed Twitter users often...

Read More

State/Federal Jurisdiction Over Cyber Security Remains Key Legislative Issue

There has been a flurry of activity in Congress on the issue of cyber security in recent weeks. Some bills have failed, some executive motions have arisen in their wake, and what remains as the dust settles is the fundamental question of how jurisdiction on cyber security policy and oversight should be defined between states and the federal government.…

Read More
Phone: 312-602-4000
Email: marketing@westmonroepartners.com
222 W. Adams
Chicago, IL 60606
Show Buttons
Share On Facebook
Share On Twitter
Share on LinkedIn
Hide Buttons