-
What is out-of-scope related to PCI and who decides?
- Posted in Risk Compliance
-
PCI rules are designed for payment cards, but the same common-sense security guidelines will also dramatically help security in other areas.
-
Recently the PCI Security Standards Council released an FAQ that mentions how “application whitelisting” can be used as a compensating control for antivirus under some situations.
The exact text of the FAQ is:
“The Council is looking for equivalent controls that address malware and all types of threats referenced in Requirement 5, which are often found in [...]
-
Are data breaches becoming less common, or is the media getting tired of reporting on them?
-
There is no shortage of advice on how to prevent a data breach, but what if you become a victim of a breach? Do you have a plan of precisely what to do next? While very few retailers do, I’ll offer some suggestions.
Before we delve into what you should do next
-
The deeper dive into mobile security leads to more questions and difficult decisions, but we can take a dialpad of solace from the fact that retailers are at least starting to think about these issues.
-
The Art Of Compromise Without Being Comprised
Wednesday, October 14, 2009 at 4:54 pm by Evan Schuman
Security management has always been about making choices. With so many layoffs and urgent Web projects for the imminent holiday season, how much time can your team justify spending checking log activity reports, searching to see if any cyberthief visited last night? After all, you rationalize, we can always examine both days’ logs tomorrow.
It’s about [...]
-
There is light at the end of the tunnel – risk and compliance technologies and standards are relieving auditors and businesses in this age of increased electronic accountability. On the heels of our integration of SolidCore’s technology, researchers from McAfee Avert Labs have laid out the compliance challenges facing organizations, and the new standards which can [...]
-
In June McAfee acquired Solidcore, a leading provider of dynamic whitelisting technology. Today, under the McAfee name, we offer the industry’s first end-to-end compliance solution that includes dynamic whitelisting and application trust technology. In my opinion, this technology is one of the most disruptive that I have seen over the last 15 years. [...]
-
This year’s theme at the Gartner Risk and Compliance Summit centered on directions and tools to help organizations maximize their Governance, Risk and Compliance programs. No doubt, a reflection of the current economic climate.
Especially interesting was that few vendors really had anything innovative or different to offer compared to last year. Some were niche vendors [...]