Covid-19 Does Not Exempt Compliance nor Security Obligations
While companies are consumed with the task of implementing remote work strategies in response to the COVID-19 crisis, it is critical to remember one thing: no matter how chaotic things get, Coronavirus does not exempt you from your industry or government compliance obligations such as HIPAA, CCPA and PCI DSS. It also does not release you (more…)
CAMP IT Conferences Gallery
CAMP IT produces events designed to help IT professionals understand new technologies and make the critical, strategic and tactical decisions for their enterprises. (more…)
Third-Party Vendors: Are You on the Same Page?
Your Vendors May Be Weak Links in Supply Chain Breaches
Insufficient Vendor Reviews = Rampant Third-Party Breaches
According to a survey conducted by the Ponemon Institute in 2018, 59 percent of companies have experienced a third-party breach of some type. Despite the high prevalence of these incidents, however, only 16 percent say they effectively mitigate third-party risks. (more…)
Clarifying the new PCI DSS 3.2 Requirements for Service Providers
The process of securing cardholder data is a shared responsibility amongst multiple parties that play a role in the card transaction process. They include merchants, processors, acquirers, backup tape storage facilities, issuers and service providers just to name a few. All of these entities play a part in the far-reaching responsibility of protecting consumer data. The Payment Card Industry (more…)
11 Insights into Cyber Insurance and How It Concerns Your Business
There’s digital gold in your data storage units, computers, networks, and clouds. There is also a large portion of your reputational capital, liability of multiple kinds, and quite possibly the economic viability of your enterprise. With all this at stake, protection against IT incidents and accidents is a priority. However, data backups and IT security measures can only handle so much. Cyber security insurance can (more…)
PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized
Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party (more…)
Vendor Risk Management Hype Extends Beyond Target®
The Target® breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant (more…)
An Open Letter to Antivirus Vendors: It is Time for Antivirus Software to Flag Memory Dumping
Dear Antivirus Vendors,
On more and more incident response investigations, my clients (victims) have been asking the question “Why didn’t our antivirus software detect the malware when we always keep it up to date?” I respond by telling them that they had targeted malware on their system. Their follow-up question usually is whether antivirus software is relevant in this era (more…)
3rd Party Providers
3rd Party Providers. Remember when the big car companies in Detroit went through their quality measures and certifications, then began requiring all their 1st tier vendors to undergo the same quality certifications? This later trickled down to the multiple tiers of vendors that supported the 1st tier vendors. It was (is) called QS 9000. (more…)