security Archives | Page 3 of 3

Security and PCI-DSS Compliance

10/24/2011/0 Comments/in PathMaker Group, PCI Compliance, Security Awareness, Security Services, Vulnerability Management/by PathMaker Group

The question of whether compliance makes your networks secure often comes up when performing Payment Card Industry (PCI) Data Security Standard (DSS) remediation and audit work. Many believe that compliance with the PCI-DSS means their networks are secure from exploitation. Unfortunately this is not the case. Passing an independent PCI audit usually indicates reduced vulnerability for those PCI related areas tested, however the PCI segments are usually a small portion of the overall networks.

The payment card industry has one goal in mind and it is not to protect or provide security for your network. Their goal is to protect credit card and card holder data. They do this to limit their potential liability and transfer responsibility for that liability to the entities that provide, accept, use, store or transfer credit card and card user information. That is almost all businesses and many institutions here and around the world. Read more

The Importance of Hiring an Experienced, Qualified Security Assessor for Your PCI-Compliance Audit

10/18/2011/0 Comments/in PathMaker Group, PCI Compliance, Security Awareness, Security Services, Threat Management, Vulnerability Management/by PathMaker Group

With the stiff penalties associated with failure to meet standards set by the PCI Security Council, ensuring that your company remains compliant and avoids security breaches requires regular PCI compliance audits. Hiring qualified security assessors can help you avoid a number of potential pitfalls associated with audits. Opting to hire the most experienced candidates offers a number of benefits, including:

Getting it Done Right
In 2004, CardSystems Solutions was hacked, resulting in 263,000 stolen credit cards and roughly 40 million compromised. This breach occurred despite their security auditor giving them a clean audit just three months prior. Hiring experienced PCI compliance auditors to perform your audits lessens the likelihood of potentially costly mistakes.
Continued Security
Experienced PCI compliance auditors not only understand current standards, but they understand the areas in which the current standards fall short. This allows you to proactively anticipate security risks and protect your customers’ data. Understanding the current problems, as well as the next generation of threats, allows you to remain in compliance and prevent costly security breaches. Read more

Different Types of Incidents that Can Result in Compromised Network Security and Information

10/12/2011/0 Comments/in PathMaker Group, Security Awareness, Security Services, Vulnerability Management/by PathMaker Group

Network security is an important consideration for any business that is connected to the internet, but especially for businesses entrusted with sensitive customer information. Penetration testing and PCI compliance are important safeguards for protecting customer data, but what are the ways in which customer data might become compromised?

Malware
Malware is one of the most pervasive network security threats these days. Malware is a comprehensive term to describe viruses, worms, Trojan horses, tracking cookies, and many other types of threats that include malicious code or software that aims to breach your confidentiality. They can be detected and removed with most software security suites.
Cybercrime
While malware attempts to breach your security from inside your computer, cyber criminals attempt to breach your security from afar. Hacking and cyber crime causes tens of millions of dollars in losses every year. One way to prevent cybercrime is to have an IT security professional perform penetration testing on your system to find loopholes and close them. Read more

Using IBM Tivoli Access Manager for Enterprise Single Sign On to Secure your Passwords

10/11/2011/0 Comments/in Identity Management, PathMaker Group, Security Awareness, Security Services/by PathMaker Group

A sticky note on your monitor is a good way to remember to bring home a gallon of milk to stay out of the doghouse with your spouse. A sticky note hidden around your desk with all your passwords is a good way to end up in the doghouse with your company’s IT security group!

Let’s face it; it’s hard to remember the passwords for every application we have to use at work. It’s even more challenging when the interval to change passwords is different for every application. Hmmm is my email password myusualpassword12, myusualpassword13 or myusualpassword14?

It’s natural to want an easy way to keep track of them. This leads to insecure things such as using your dog’s name, much easier than remembering X1nP4!e. It’s also easy for someone that knows you to socially engineer that password. Writing the complex password down is easy too. Again simple for someone to flip the keyboard to that sticky note and gain access to your accounts. Read more

EHR Stimulus Incentive

09/14/2011/0 Comments/in EHR Technology, Identity Management, PathMaker Group, Security Awareness, Security Services/by Keith Squires

EHR technology is a medical software that can help your practice keep track of and treat patients more efficiently and effectively. Additionally, many of these technologies, when implemented correctly and used properly, are subject to government incentives, making them affordable to install.

With the Stimulus Incentive Calculator app for the iPhone, you can figure out how much you will earn by using certified EHR software. Using various factors, such as the size of your practice and the number of patients you see per year, this calculator can show you the incentives for which you may be eligible.

To learn more about the benefits of using EHR technology in your practice, contact PathMaker Group. We provide security solutions and identity management servicesw.

Visit our website or call (817) 704-3644.

PCI Updates

01/07/2011/0 Comments/in PathMaker Group, PCI Compliance, Security Awareness, Security Services, Strategic Planning, Vulnerability Management/by PathMaker Group

I thought i would take a few minutes to wish everyone happy holidays and a very prosperous 2011. I also noticed that I hadn’t blogged in a while so I thought I do a little of that…

This blog provides a few updates and observations related to the following:

PCI DSS v1.2.1 to PCI DSS v2.0 transition – very well defined, except for the cut-over date. The bottom line is that the PCI SSC is encouraging all merchants and service providers to convert as soon as possible, but at the same time saying everyone has until New Years Eve 2011 (one year).
PCI DSS and PA-DSS v2.0 Scoring Templates – QSAs can’t plan their projects without the new Scoring Templates. This will stall migrations.
Sampling And ASV Scanning Do Not Mix – this wasn’t a like a free lunch but some still manage to screw it up…
PCI DSS Timeline Clarification Read more

Log Management the Easy Way!

05/27/2010/2 Comments/in Log Management, Security Awareness, Security Services/by PathMaker Group

The Need for Effective Log Management

Log Management is a necessity for regulatory compliance and essential to maintaining a positive security posture in your environment. As your IT organization evolves to comply with today’s regulations and defend against new network security threats, you should choose a solution that avoids expensive maintenance and operating costs, reduces the number of resources needed to maintain and support your solution, and most importantly provides the most effective log management solution on the market today.

Our SaaS offering collects log data via an agentless collection device and provides log storage, reporting, correlation and monitoring leveraging our grid computing and storage architecture in our highly secure redundant datacenters. Read more

Cyber attacks, they occur more often than you think!

05/27/2010/0 Comments/in Identity Management, Incident Response, Security Awareness, Threat Advisories/by PathMaker Group

Cyber attacks have become a ‘weapon of choice’ for many terrorist organizations. Cyber attacks can be launched from anywhere in the world that has Internet access, are often untraceable, and have the potential to wreak havoc on our financial and economic systems, defense networks, transportation systems, power infrastructure, and many other essential capabilities.

Although not widely publicized, cyber attacks occur routinely. Within the State of Texas, a major computer security incident with significant financial and operational impact is an annual event for most organizations, including state government entities. In fact, state entities reported a daily average of almost 575 security incidents in fiscal year 2009, including malicious code execution, unauthorized access to data, and service disruptions. Most of these attacks are blocked, prevented, or result in only minor disruptions.

Between January 2005 and August 2009, Texas-based organizations reported 105 incidents involving privacy data; 43 of these incidents were government-related (universities, cities and counties, and state agencies). These 105 incidents exposed over 3 million records, with the cost estimated at an all-time high of $202 per record exposed, totaling $606 million dollars to recover from the attacks. This is why it is imperative for organizations to have a “multi-layered” approach to security to ensure these attacks remain unsuccessful or only do minimal damage and disruption.

Security as a Service (SaaS) Model?

04/21/2010/0 Comments/in Security Services/by PathMaker Group

For clients who have limit capital expense budgets, we’ve created a suite of services to help clients meet the challenge of limited budget and need to maximum security solution benefit. With services in log management, threat management, file integrity management, vulnerability management, wireless devices security management and 24/7 monitoring, we’ve effectively resolved eight of the most challenging Payment Card Industry (PCI) requirements.

Instead of spending several hundred thousand dollars and even more in additional personnel, and equipment rack space among other things to launch these products yourself, why not consider our SaaS model where for just a few thousand dollars per month, you get the benefits of a latest technology, reduced work for your personnel, and greatly improved security operations server.

In traditional outsourcing models, the customer gives up visibility and control to their inner operations. Not in our model! You can have as much access, full control, and visibility to everything that our Security Operations Center sees. We’ll just handle it around the clock!

Kneber botnet – update

04/19/2010/2 Comments/in Threat Advisories/by PathMaker Group

Last month, our trusted partner, NetWitness, discovered the Kneber botnet, a dangerous new ZeuS botnet that infected over 75,000 systems in 2,500 organizations around the world. The full story is in the link below.

Kneber Botnet

And, we just received more follow-on information from an RSA report that shows most major U.S. corporations (up to 88 percent of the Fortune 500 companies) are likely affected by botnet activity from computers compromised by the Zeus data-stealing Trojan, according to the study released last Wednesday, 14-April-2010. For more information on this report, please see the link below.

Zeus Data Stealing Trojan

PathMaker Group offers a complete lineup of services and solutions in response to this serious issue. We can assess your network, determine if your systems are infected by Kneber/Zeus, and help you take the appropriate steps to remove it and prevent it from coming back. Call us immediately if you feel like your business is experiencing malware or worm attacks.

Review Us at favecentral.com

Tag Archive for: security