Sunday, March 23, 2008

Hannaford Data Breach - PCI Compliance

The Hannaford data breach represents an interesting situation where the breached company was actually PCI compliant at the time of the breach. From what I've gathered, the company believed it had strong security measures in place. The breach occurred as hackers were able to capture data during the transmission of card authorization. While the PCI Data Security Standard prohibits retailers from transmitting credit card data unencrypted over public, open networks, it doesn't have the same requirement for internal networks.

http://www.boston.com/business/articles/2008/03/18/grocer_hannaford_hit_by_computer_breach/

http://www.informationweek.com/security/showArticle.jhtml?articleID=206904986&cid=RSSfeed_TechWeb

Considering an XP to Vista Migration?

Think again. I found this comprehensive comparison of XP vs. Vista on InfoWorld's website. Based on the author's assessment, there are no compelling reasons to upgrade from XP to Vista at the moment. Our own field experience validates these findings. We have had numerous clients purchase Vista OEM computers only to return them to the manufacturer or downgrade to XP. I recommend holding off on your upgrades until the next version of Windows for the enterprise.

http://www.infoworld.com/article/08/03/17/12TC-vista-versus-xp_1.html

Wednesday, March 19, 2008

PCI DSS Self-assessment Questionnaire (SAQ) Version 1.1

The SAQ is a validation tool used primarily by Level 2, 3 and 4 merchants (and some smaller service providers), as defined by the major card brands -- Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB -- to validate compliance with the PCI DSS. The PCI Council updated SAQ version 1.0 to better align with PCI DSS version 1.1 and created four variants to ensure merchants only answer questions relevant to their environment. Each of the four variants, labeled A, B, C and D, has qualifying questions used to determine which of the four questionnaires a merchant is required to complete. Each merchant completing the SAQ version 1.1 selects the questionnaire that best represents their environment.

https://www.pcisecuritystandards.org/tech/saq.htm

Monday, March 17, 2008

Complimentary IT Assessment

We're certain you measure your financials, but how do you measure the performance of your IT department?

Are your projects running late or over budget?
Do you have the right people staffing your IT department?
How do you determine the business value of your IT projects?
Has your business outgrown the capabilities of your IT department?

Vitale Caturano is offering a complimentary assessment. Register today.

Sunday, March 16, 2008

IT Governance Study

Interesting study by Jeanne Ross and Peter Weill of MIT, based on a survey of CIOs at 256 enterprises and 50 case studies on how enterprises govern IT. While no simple formula offers specifications for implementing IT governance, Dr. Ross and Dr. Weill conclude in their study that thoughtful governance design can help firms deliver on their strategic objectives.

http://mitsloan.mit.edu/cisr/pdf/Weill-Ross%20-%20Effective%20IT%20Governance-final.pdf