The Payment Card Industry Standards Council recently published a document that previews the changes in the coming Version 3.0 of the PCI Data Security Standards. A short summary of the changes: More reporting - PCI DSS 3.0 will require cardholder data flow diagrams, inventory lists of what is in scope and evaluations of "evolving malware … Continue reading PCI 3.0: Slight Improvements, More Reporting, No Improvements in the Process
The Department of Homeland Security recently awarded the first phase of the Continuous Diagnostics and Mitigation (CDM) Blanket Purchase Agreement contract. This award is to 17 system integrators and about 19 product vendors, providing products and services that cover mostly the first four of the Critical Security Controls: Inventory of Authorized and Unauthorized Devices Inventory … Continue reading Free Money for Continuous Monitoring!!
Did APTs go down during the recent large DDoS attack against China? Article on DDoS event here. Continue reading Twelve Word Tuesday: DDoSing the Great Firewall of China
A brief history of Microsoft's CEOs, and the security of their software: 2000 - Steve Ballmer takes over as CEO at Microsoft, Bill Gates remains as Chief Software Architect. 2001 - After an accelerating stream of serious vulnerabilities in the Windows operating system, and in the IIS Web Server and IE Web Browser components in … Continue reading Will Steve Ballmer's Departure Change Microsoft's Approach to Security, For Better or Worse?