Global Security Watch > Retail Payments: PCI DSS Releases FAQ about End to End Encryption
[Retail Payments] Merchants should be aware that encryption solutions most likely do not remove them completely from PCI DSS. Examples of where DSS would still be applicable include usage policies, agreements with service providers that deploy payment solutions, physical protection of payment assets and any legacy data and processes (such as billing, loyalty, marketing databases) within the merchant's environment that may still store, process or transmit clear text cardholder data, as that would remain in scope for PCI DSS.
Some related posts from Technorati and Google.
[E-Commerce Times] E-Commerce News: Governance & Compliance: End-to-End Encryption ...: Specific reference to the use of encryption is increasingly found in privacy mandates and industry best practices that attempt to go beyond the traditional focus on "people and processes." Furthermore, encryption is often favored by regulators and policy makers because of the black-and-white nature of the technology. Data is either encrypted or it is not, which in theory means it is either secure or not -- a very measurable parameter that is well received by auditors and regulators.
[PCI DSS Compliance Blog] PCI DSS for Small Business | PCI DSS Compliance Blog: Surf forums on PCI compliance and you'll quickly come across a plea for help from a small business owner on sorting out how to comply with PCI DSS. Especially for mom and pop shops, PCI DSS compliance can be a daunting process.
[TechNewsWorld] Technology News: Encryption: Rethinking the Fortifications: Q&A ...: Prior to the creation of PCI DSS, cardholder and payment-related data was highly insecure. While the regulation has significantly improved the state of information security within the payments infrastructure, it only addresses the more obvious areas of vulnerability.
[Credit Cards...] The future of PCI DSS encryption requirements? Tokenization ...: Is it possible to use credit card tokenization to decrease the PCI DSS scope? Learn more about PCI DSS encryption requirements, tokenization for PCI and text tokenization.
[Latest articles from SC Magazine US] Solutions for defending against malware's nasty cousin: crimeware ...: Ensuring that your organization has a security and compliance program which includes security controls, log monitoring, and an incident response plan (PCI DSS 12.5.3, 12.9.X), can help minimize the financial and reputational damage done, and get you back on the road to recovery that much sooner.
[GLG News(sm): Technology, Media & Telecom] Goodbye PCI - Hello Encryption and Data Loss Prevention Products ...: The arguably ineffective Breach Avoidance Rules championed by the Payment Card Industry (PCI DSS) are on their way out; and new solutions that rely on Encryption and Data Loss Prevention Products are emerging.
[The Tech Herald Security News] PCI DSS and HIPAA drive encryption projects - Security: The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail and regulators and industry will therefore grow to depend on encryption. At the same time, key management and the ability to demonstrate encryption key custody and control will become increasingly important as auditors and regulators look to validate safe harbor.
[AlertBoot Endpoint Security] Data Security: PCI Phasing Out WEP Wireless Encryption - AlertBoot ...: The PCI's Security Standards Council (SSC) said that any company still using WEP after that date [June 30, 2010] would not be compliant with PCI DSS. Non-compliant companies can have their right to process cards revoked.
[Sys-Admin Central] PCI Pre-Requirements - Sys-Admin Central: We certainly don’t want to mislead our auditors, but we do need to impress upon them that we are serious about PCI Compliance and are prepared for them. Having things like a document management system, diagramming tools, and so forth make the auditor feel more comfortable with you.
[theWHIR.com Blogs - Web Hosting Blogs] Demystifying PCI-DSS and PA-DSS Compliance For Web Hosting ...: I've always assumed a web server on the DMZ, a database server on the LAN, only the needed rules allowing Internet traffic on select ports to the DMZ and allowing database traffic from DMZ to LAN (*no* traffic at all from the Internet to the LAN) and storing the encryption key on the web server (DMZ) and the encrypted data on the database server (LAN).
[Venafi Blog] Venafi Blog » Blog Archive » The Key Dilemma: Linking Compliance ...: The Payment Card Industry Data Security Standard (PCI DSS) and similar regulations mandate numerous controls around protecting sensitive data, including the management of and access to cryptographic keys. You might be surprised to learn how typical organizations secure and manage these keys -- the private keys required to encrypt data in transit.
[Information+Security] Information+Security » Blog Archive » PCI DSS Requirement 3: “Strong cryptography” is defined in the PCI DSS Glossary of Terms, Abbreviations, and Acronyms. 3.4.1 If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed independently of .
[PCI DSS Compliance Blog] End to End Encryption Emerges a Winner from the PCI SSC Meeting ...: At the PCI Security Standards Council community meeting last week in Las Vegas, end-to-end encryption came out at the top of the list of payment card industry “emerging technologies. to do) that examined twelve technologies on the market that potentially could help merchants satisfy PCI compliance mandates like PCI DSS and PA-DSS.
[Information+Security] Information+Security » Blog Archive » PCI DSS Requirement 4: This is posted for educational purposes, because text is easier to use than poking through the pdf. Requirement 4: Encrypt transmission of cardholder data across open, public networks.