Optimal Security : the Lumension Blog

Passing an External Audit Doesn’t Mean You’re Secure

By now, most of us have heard of the data breach that affected Heartland Payment Systems. It’s been front page news, and Heartland themselves went public with news of the breach in January 2009. What many people might not know is that Heartland’s QSA (Qualified Security Assessor) had declared them as PCI compliant shortly before [...]

Naked Truth about Risk and Compliance: Bottom Up Vs. Top Down

There’s no question about it, no matter the differences between line-of-business executives, CIOs and security practitioners, the one thing they all have in common these days is a shared dread of a ten-letter word: compliance.
As regulations of technology practices have mounted over the years, most companies have struggled simply to keep ahead of the latest [...]

Chris’ Security Cache Contemplation: Week 3

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed …
[Yeah, I know it's been a while ... sorry, but it's been a busy week at my day job ... and anyhow, I never said it'd be weekly, just that I'd only do it once a week.]
PCI [...]

Where the Money Is

Willie Sutton is reputed to have said (although he didn’t, actually), when asked why he robbed banks, “Because that’s where the money is.” So, we’re not really surprised to learn that a new scam is on to liberate the contents of ATMs, and by more sophisticated means than the skimmers I’ve written about previously. Nope, [...]

Are PCI Requirements Losing their Bite?

It’s been long discussed in the industry that the requirements for PCI compliance were woefully inadequate and some have gone as far as suggesting that PCI be replaced with some form of an independent governing body that would actually raise the standard rather than simply appeasing the vendors to become compliant.
One of the hot topics [...]

Has Whitelisting Reached the Tipping Point in Endpoint Security?

McAfee, one of the largest AV vendors in the security space, recently acquired Solidcore Systems, a company that sells dynamic whitelisting technology, in a $47 million dollar deal that would add whitelisting capabilities to McAfee’s current product portfolio. While this comes as no surprise, this move by McAfee is just the tipping point for the [...]

Open Letter to President Obama

First of all, I wanted to applaud your swift action to hire Melissa Hathaway to examine the nation’s cyberdefense strategies and move forward with a better plan. I think I speak on behalf of many within the information security field in saying that this is a positive step in securing the information infrastructure within the [...]

Geeks.com Pwned by the FTC

Sometimes, I’m sure, folks out there think we’re in the scaremongering business. Take, for instance, the notion that failing to protect your customers’ Personally Identifiable Information (PII) can expose your organization to both direct *and* indirect costs. You can find this notion in ad copy and whitepapers from almost all security vendors, us included. And [...]

Tips for Evolving Security in 2009: The Four E’s to Getting There

We’ve hardly stepped into 2009, yet it has already become clear that we’re in for another rocky year when it comes to headline data breaches, botnets, and social networking threats. Just look at our Annual Report and Threat Predictions for 2009. It is enough to make a security guy like myself shake his head because [...]

Visa Sets PCI Compliance Deadlines for Rest of World

The largest merchants operating overseas will have less than two years to secure credit card transactions, Visa announced on Monday.
Level-one retailers — those processing more than six million Visa transactions per year — must prove adherence to the Payment Card Industry Data Security Standard (PCI DSS) by Sept. 30, 2010, Visa said in a news [...]




