In response to the recent BBC article (thanks to Robin Lee for sending this on) – http://www.bbc.co.uk/news/business-25591548, I wrote the BBC this: I run a company responsible for auditing firms on behalf of Visa, MasterCard, American Express et al, to ensure they are handling credit card details securely (we’re known as Qualified Security Assessors, or QSAs, […]
Travel insurer Staysure warns customers over IT hack Read More »
It seems a few service providers are jumping on the bandwagon, getting PCI DSS v3.0 compliant, and then pushing the message out to their potential and existing client bases saying v3.0 is better than v2.0 and that they’re obviously far more secure than other suppliers that only have v2.0 certification. PCI DSS v3.0 and PCI
PCI DSS v3.0 – the marketing game Read More »
Penetration testing should always reflect a measured approach to tackle the problem at hand, which is to ensure your systems are resilient from criminal attack. A penetration test should do this by simulating said criminal attacks, and attempt to gain access to your systems, people and premises. The marketplace is still clouded with firms that
Tick in the Box Penetration Testing (and why it’s bad) Read More »
I was recently asked by Computer Weekly for my thoughts around the biggest threats facing us in 2014. Unfortunately my predictions are far from optimistic, as criminals begin to target individuals on an unprecedented scale. 2013 saw an alarming rise in clever spear phishing techniques that companies and ISPs were simply too slow to respond
Lock up personal data in 2014 Read More »
Read Tim’s thoughts on privacy and data protection for 2014 here.
Computer Weekly – Dec 2013 Read More »
Last remaining places are available for our December training courses, which are the first instructor-led PCI DSS v3.0 training courses available worldwide since the release of the new standard: December 5 – Introduction to PCI DSS Training Course December 5/6 – 2 day Advanced PCI DSS Training Course
PCI DSS v3.0 Training – 5/6 December, London Read More »
Selecting a penetration testing provider can be a daunting task. The industry is somewhat unregulated and other than the likes of CHECK / CREST / Tiger Scheme there are relatively few means to check your penetration testing provider is actually capable of testing your systems, infrastructure, buildings and people to sufficient depth. On one hand
Penetration Testing – Building the Business Case Read More »
Tim talks about cyber security insurance. Read more..
Computer Weekly – Oct 2013 Read More »
ControlScan, Inc. and 2-sec, Ltd. to Present “Incident Response Plan Toolkit” SIG Proposal at North American, European Payment Card Industry Community Meetings PCI Special Interest Group would improve merchants’ risk preparedness, incident handling ATLANTA and LONDON, Sept. 12, 2013 – Payment security and compliance solution provider ControlScan, Inc., and security testing, QSA, PA-QSA
2-sec and ControlScan announce Incident Response Plan Toolkit SIG Read More »
