
IT GRC, The Story - How do you do it? - Part 1
I was recently discussing IT GRC program implementation with the CIO of a growing, mid-sized software…
Getting the most value from your next penetration test
We here at True Digital Security conduct quite a lot of engagements around penetration testing, or "Pen-Tests".…
When are merchants required to use a PA-DSS validated POS (point-of-sale) application?
In True's experience as a QSA advising merchants with PCI compliance, one point of confusion seems to…
Solving the Verizon DBIR 2010 Cover Challenge
For the second year in a row, Verizon Business has encoded a "Cover Challenge" in its annual Data Breach…
More on outbound firewall rules
In a previous article, I mentioned two firewall rules that every network should have: blocking outbound…
Solving the Verizon DBIR 2011 Cover Challenge - again
For a third year, Verizon Business has embedded a "Cover Challenge" in its annual Data Breach Investigation…
PCI SSC Releases Tokenization Guidelines
Today, the PCI SSC finally released tokenization guidelines. Nothing too surprising in the guidelines,…
Picking on the Little Guy
Security is expensive. We all know that. I see the battles my clients continually face - particularly…
Internal vs. External Vulnerability Scans
Vulnerability scanning. Mention those two words, and your IT operations staff usually shudders. Conversely,…