Compliance is about auditable business processes that are related to meeting legal, regulatory & contractual requirements. Infosec is a confluence of strategic & tactical processes & controls with a goal of ensuring confidentiality, integrity & availability of data & systems. There is overlap but the two things are effectively different and aimed at different needs… Continue reading Compliance versus Security … Coming to Trial?
One of the easily recognized weaknesses in any system is the user. We want to be gentle, compassionate and nice about how we document this but it doesn’t change the reality that human designers, architects, engineers, developers and users bring with them some of the most exploited weaknesses. Security struggles with problems from this vector… Continue reading Scaling security
Who hasn’t heard about the Target/Neiman Marcus/<unknown number of other retailers that got POS-hacked? The apparent method of capturing this data was to RAM-scrape the Point-of-Sale (POS) systems before the data was encrypted. Let’s not get into that; everyone and their brother will tell you about it. What I want to make a point… Continue reading Compliance ≠ risk management or security
According to a Wall Street Journal article, Target endured breeches to both its Point Of Sale (POS) systems and another system. The POS breech affects up to 40 million Target customers’ data, including the theft of credit or debit card and PIN numbers. This newly revealed breech increases the number of customers affected by… Continue reading Target Breached Multiple Ways – 20% Profit Loss for Holiday Qtr