by Michael S. Mimoso
The PCI Security Standards Council announced the latest slate of special interest groups that it will prioritize next year. Merchants, financial institutions, service providers and others voted on a variety of potential SIGs before settling on cloud, ecommerce security and risk assessment.
This is the first time SIG selection was put to a vote, and more than 500 votes were cast, close to a quarter of the SSC’s participating organizations, said Jeremy King, European director of the PCI SSC, who added that one-third of the votes cast came from outside North America.
PCI SIGs are essentially forums for feedback on topics, and that feedback is ultimately turned into guidance for interpreting and implementing existing or new mandates to the standard, the SSC said in a release. This year, the SSC released guidance on tokenization, point-to-point encryption and virtualization.
SIGs are made up of merchants, payment processors and qualified security assessors. SIGs must complete their efforts and deliver a guidance document within one year.
This year, voters had seven potential SIGs to choose from, and were asked to select a top three. The seven, according to the Storefront BackTalk blog, were: administrative access to systems and devices; how to write a risk assessment; patch management; ecommerce guidelines; PCI in the cloud; small business and PCI; and managing hosted service providers.
According to a U.S. intelligence report made available to Congress, foreign nations and other actors are using cyberespionage to take sensitive technology and trade data, and those actions pose a threat to American interests.
Reuters reported Thursday that in a report titled “Foreign Spies Stealing US Economic Secrets in Cyberspace,” the Office of the National Counterintelligence confirmed that foreign intelligence services, corporations and individuals have increased their efforts to take research and development data relating to U.S. technologies. These efforts include remote data downloads and the transfer of data to portable devices and via email.
The report, covering 2009-2001, was developed using data from intelligence agencies, think tanks, academia and what it called “private sector” resources. It referred to numerous sources being involved in cyberespionage against U.S. interests, but called out only Russia and China by name.
Though the report failed to link China to specific events, such as the RSA SecurID attack earlier this year, it represents a tacit acknowledgment that China’s involvement in cyberespionage represents a serious ongoing problem for U.S. companies.
“Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” the Office of the National Counterintelligence wrote in the report. “China and Russia view themselves as strategic competitors of the United States and are the most aggressive collectors of U.S. economic information and technology.”
Posted by InfoSec News on Nov 16: http://www.eweekeurope.co.uk/comment/search-engines-could-be-a-hackers-doorway-for-unwary-coders-45712
Posted by InfoSec News on Nov 16: http://www.csoonline.com/article/694092/mystery-virus-disrupts-new-zealand-ambulance-service
Posted by InfoSec News on Nov 16: http://www.dailytelegraph.com.au/news/national/you-just-cant-keep-secrets-in-canberra-obama-visit-details-stored-in-old-van/story-e6freuzr-1226196051856
Posted by InfoSec News on Nov 16: http://gcn.com/articles/2011/11/15/smart-grid-cybersecurity-chaos-pike-report.aspx
Posted by InfoSec News on Nov 16: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/231903102/new-lingua-franca-for-exchanging-cyberattack-intelligence.html
Posted by InfoSec News on Nov 16: On 11/16 2011, Congress holds hearings on the first American Internet