Posted April 10th, 2015

PCI Compliance, HIPAA, HITECH and Holistic Data Protection

Photo source: PCI Compliance and Data Security. A dichotomy exists between information and data – and the way that information and data are discussed, stored, protected, and used. Any number of people reading this might identify themselves as working with “Information Systems” in the field of “Information Technology,” and some of them work with… [read more]

Posted January 31st, 2014

POS Malware – Same Malware, Different Merchant – Black Swan Event

An article titled "A First Look at the Target Intrusion, Malware," posted January 15 by @briankrebs, contained an initial analysis of BlackPOS, a POS malware targeting retail systems. Retail POS, along with other related software, including security systems and software, appears to be a common weak link. The hackers have concluded that if you focus on… [read more]

Posted October 10th, 2013

Digital Certification Authorities and Data Breaches

Author: Bill Corbitt. Abstract: This paper analyzes several recent breaches of major players in the security industry, in particular security product vendors and Certificate Authorities (CAs). Distinct patterns and relationships have emerged that have allowed the prediction of the next set of potential targets. Without the implementation of stringent compliance standards for CAs one… [read more]