Entries Categorized as 'compliance'
by Anton Chuvakin | February 12, 2013 | 9 Comments
As all of you already know, the PCI Council has finally released an official “Information Supplement: PCI DSS Cloud Computing Guidelines” [PDF] aka “PCI DSS in the cloud.” Here are some of my favorite quotes from the 52-page [sadly, a bit woolly] mammoth of a document: “The allocation of responsibility between client and provider for [...]
Category: cloud compliance PCI DSS Tags: cloud security, compliance, PCI, PCI compliance, PCI DSS
by Anton Chuvakin | June 29, 2012 | 2 Comments
I learned something new the other day (yes, I love my job a lot for that reason). A high percentage of people I take inquiries from (called “dialogs” in our team due to its Burton roots) ask me: how are we doing compared to our peers? The first time I was asked that, it took [...]
Category: compliance philosophy security Tags: security
by Anton Chuvakin | March 13, 2012 | Comments Off
“Is cloud secure?” Seriously, why are you asking this? Ask: is MY USE of cloud computing secure? Or, if you want to be a bit fancy, you can add “… secure enough for my purposes?” Do ask “is my provider doing a good job with security?”, BUT realize that it is NOT the most important [...]
Category: cloud compliance monitoring security Tags: cloud security, security, security monitoring
by Anton Chuvakin | October 31, 2011 | 1 Comment
Vulnerability management is very easy, really. Get a scanner, scan a system, peruse the report listing all the flaws, then go and fix them. Done! Risk is presumably reduced and/or compliance is restored (e.g. in the case of PCI DSS and fixing severe vulnerabilities with high CVSS scores). Now, imagine the same process that attempts to [...]
Category: compliance security vulnerability management Tags: vulnerability assessment, vulnerability management
by Anton Chuvakin | October 11, 2011 | 4 Comments
Everybody who has any relation to PCI DSS and payment data security has probably already read the “2011 PCI Compliance Report”. You have not?! Well, you have a fine choice then: enjoy my highlights below AND THEN go read the full report; or just go and read the report now. One of my favorite [...]
Category: compliance PCI DSS security Tags: PCI compliance, PCI DSS