Monthly Archives: January 2014

Data breaches multiply: Something is badly wrong, but what?

Target’s breach tells us the world still isn’t fixed. The list of world-famous firms humbled by data breaches since 2007 makes sobering reading: Heartland, TK Maxx, the Sony PlayStation Network, Evernote, and now retailer Target are among the many that have ended up with their expensively tended brand names etched into data security history for the wrong reasons.



What’s new in PCI 3.0?

Following the launch of PCI DSS 3.0 in January, I’ve been faced with questions from many businesses about changes they should implement within the next year to remain or become compliant with the updated mandate.



Using least privilege to achieve compliance: The dual benefit

What do the guidelines of PCI DSS, FDCC, SOX and HIPAA have in common? These mandates, in addition to other commonly implemented regulations, either explicitly demand or at least suggest the use of least privilege security to effectively safeguard data. In terms of compliance, this methodology has a dual benefit – not only does it satisfy auditors, but it will also protect against security breaches that could result in destructive data loss.



7 Windows 7 Resolutions for 2014

Migrating from XP to 7 offers organizations a good moment to re-assess their security setup. But where to start?

After nearly 13 years, Tuesday 8 April is the day Windows XP reaches the end of the road as Microsoft pulls extended support. Anyone still running XP after that day will be on their own and left exposed to an inevitable wave of malware attacks lured by the pickings to be had from millions of PCs running an unpatched operating system.
