When are merchants required to use a PA-DSS validated POS (point-of-sale) application?
September 21, 2011 | POSTED BY MICHAEL OGLESBY IN COMPLIANCE, PCI
In True's experience as a QSA advising merchants on PCI compliance, one point of confusion seems to always surface: when are merchants required to use a Payment Application Data Security Standard (PA-DSS) validated POS application?
First, it is impo...
Solving the Verizon DBIR 2010 Cover Challenge
September 21, 2011 | POSTED BY MICHAEL OGLESBY IN UNCATEGORIZED
For the second year in a row, Verizon Business has encoded a "Cover Challenge" in its annual Data Breach Investigations Report. This year I was the first-place winner, submitting the correct solution after 1.5 weeks of puzzling.
Verizon 2010 Data Breach...
More on outbound firewall rules
September 21, 2011 | POSTED BY BRETT EDGAR IN MONITORING, COMPLIANCE
In a previous article, I mentioned two firewall rules that every network should have: blocking outbound DNS (udp/53 and tcp/53), and blocking outbound SMTP (tcp/25). I'd like to suggest a few more rules to add to that list.
The first rule to add is bl...