2|SEC Cyber Security Blog

The Cyber Sentinel

Stay on top of the latest news and updates to stay ahead of the latest threats

CCTV Monitoring

We’ve been doing a few data centre audits as of late, and most entities seem to think just because they have CCTV at their co-location data centres, they meet the compliance requirements of PCI DSS. You’ll note from the wording that access control systems need to be MONITORED. If you’ve a data centre with a few […]


ISSA-UK Dragon’s Den Event, HMS President – Thursday July 11th 2013

ISSA-UK Dragon’s Den. Testing Times: Managing Vulnerabilities in Complex Systems. HMS President, River Thames, London, United Kingdom. Thursday 11th July, 2013 (5 CPEs). This year’s Dragon’s Den event will be looking at ways to help bridge the gap between emerging vulnerabilities/threats and the ever increasing complexity of systems, both of which are taking an


PCI DSS vs Operating Regulations

I came across an interesting interpretation of PCI DSS recently, whereby a Merchant thought that just because they had been assessed compliant against PCI DSS, then all assessed payment channels also met the security requirements of Visa Operating Regulations. SAQ-C-VT (Virtual Terminal) is a standard that can be used to assess card-not-present and card-present transactions


The Big Debate: Are you making the right decisions to secure your code?

Our CEO and ISSA-UK President Tim Holman will be speaking at Coverity’s Big Debate in London on Wednesday 3rd July. Event Location: The Brewery, 52 Chiswell Street, London EC1Y 4SD. Date / Time: Wednesday 3rd July 18.30 – 22.00. Drinks and canapés from 18.30, with debate taking place around 20.00. Details: Security breaches make headline news and


May 2013 Newsletter

Shorts are on, sandals brushed down and summer is here! Unfortunately for us QSAs, someone had a bright idea of issuing a June deadline for both Level 1 and Level 2 Merchant PCI DSS Compliance and summer tends to be the busiest time of the year for us. We are also busy making suggestions and improvements


Where did all the blogs go?

Sorry it’s been a while since you’ve been ingratiated with a 2-sec blog entry. You might have noticed recent UK press legislation that was put in place following the phone hacking scandal, that appeared to be ubiquitous and spanning all kinds of publishing media. I did at some point work out if I could actually


The Bit9 incident

We see in the news another example of cyber criminals successfully stealing a private certificate and using it to their nefarious advantage. In this instance, cyber criminals allegedly exploited perimeter defences and web application security to gain access to one of Bit9’s private certificates – https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/. A private certificate is used to sign an encryption key,
