| Title | Date Added | Company | Summary | Tags |
|---|---|---|---|---|
| Using ISO 27001 for PCI DSS Compliance | 2007-02-27 | Siemens | The Payment Card Industry Data Security Standard (PCI DSS) is not dramatically different from the requirements of the best-practice security standard ISO 27001, except that PCI DSS does not mention any of the prerequisites of a management framework (management commitment, scope definition, security awareness training, ongoing improvement plans), whereas ISO 27001 omits much of the detail on how controls are actually implemented. One could therefore be forgiven for believing that MasterCard and Visa assumed PCI DSS would supply additional security requirements to sit on top of an already established Information Security Management System (ISMS). | Security Management |
| Stock Spam: A Classic Scam | 2008-02-07 | MessageLabs | The "pump 'n' dump" stock scam has been around since the inception of stock sales. Today, after a series of fumbles by amateurs, serious Internet criminals are taking the scam to new levels, deploying it through images, PDFs, botnets and more. This white paper describes the criminals' tactics and follows one 2007 stock scam that began with a simple e-card sent to an unsuspecting victim in Florida, showing how it played out for thousands of people with and without the protection of a MessageLabs Web Security Services solution. | Security Management, Security Tools, Spam - E-mail Fraud - Phishing, Best Practices |
| The Payment Card Industry (PCI) Data Security Standard (DSS) | 2007-02-05 | Treasury Institute | Accepting credit and debit cards is a fact of life at campuses nationwide, and with card acceptance comes the responsibility to safeguard all transaction and consumer data. Because of their open networks and occasionally inadequate security procedures, education institutions are particularly vulnerable to hacking and other compromises of confidential data: of the 321 information security breaches reported nationwide in 2006, 84 (26%) were at education institutions. That share is particularly disproportionate given that education represents only a small percentage of total payment activity nationwide; as a result, financial institutions and card issuers increasingly view education institutions as risky merchants. | Security Management |
| Regulatory Compliance and the IBM Mainframe: Key Requirements | 2007-02-01 | CA (Computer Associates) | Generally, a government regulation does not specify what technology is required to meet its requirements; many regulations do not even specify the details of an effective internal control. Administrators and compliance officers are therefore left to determine how they will meet the often vague requirements of each regulation. In overall corporate governance, the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has become widely adopted, but although COSO covers a range of governance areas, it says little about specific IT controls. | HIPAA |
| Meeting and Exceeding PCI 1.1 Compliance Today | 2007-01-31 | Secure Computing | Visa, MasterCard, American Express, Diners Club, Discover and JCB collaborated to create a set of standards based on Visa's CISP (Cardholder Information Security Program), known as the Payment Card Industry Data Security Standard (PCI DSS). All merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, are required to comply with PCI DSS or face contract penalties or even termination by the card brands. The primary purpose of the standard is to protect card data by reducing fraud and theft, which it seeks to accomplish through a defense-in-depth strategy. | Security Management |
| Practical Implementation of an ISO 17799-Compliant Information Security Management System Using a Novel ASD Method | 2007-01-31 | VTT | This paper discusses the practical implementation of the Agile Security Development (ASD) framework and presents a case study that reviews the process of building an information security management system with it. The case study sets out the action steps by which a small or medium-sized organization can apply the method. The ASD framework and its output are fully ISO/IEC 17799 compliant but take the organization's actual management systems into account, so ISO/IEC 17799 certification need not be the ultimate target if the organization so chooses. The framework also supports auditing against the organization's own baseline, which might not be compliant with existing standards and industry-defined best practices. | Security Management |
| Oracle Applications 11i: Credit Cards and PCI Compliance Issues | 2007-01-29 | Integrigy | All Oracle Applications implementations that "store, process, or transmit cardholder data" must comply with the Payment Card Industry Data Security Standard (PCI DSS) 1.1, regardless of size or transaction volume. PCI DSS 1.1 is a set of stringent security requirements for networks, network devices, servers and applications; it details specific requirements for security configuration and policy, and all of them are mandatory. PCI DSS focuses on securely handling cardholder data but also places significant emphasis on general IT security. This paper reviews the credit card processing features of Oracle Applications and gives general guidance on complying with the relevant PCI DSS requirements. | Security Management |
| PCI Compliance: Are You Onboard? | 2007-01-26 | Tripwire | The Payment Card Industry (PCI) establishes stringent standards for how merchants process, store or transmit cardholder data: a set of comprehensive security requirements that combine technology, policies, education and awareness with industry best practices in an integrated framework. Adding to the compliance burden is "double jeopardy": card brand members (the acquiring and issuing banks) are responsible not only for their own PCI DSS compliance but also for the compliance status of their merchants and service providers across all payment channels, including in-store, mail/telephone order and e-commerce. PCI DSS is a technical standard, not a regulation, and its requirements conform to long-established security best practices. | Security Management |
| Meeting the 12 Rules of the PCI Data Security Standards: Employing CoreGuard to Meet Encryption and Access Control Requirements for Payment Card Industry (PCI) Standards | 2007-01-22 | Digital Pathways | Compliance with Payment Card Industry (PCI) data security requirements is a key initiative for any company that processes credit cards. PCI DSS, the industry-wide adoption of Visa's CISP (Cardholder Information Security Program), is the card industry's standard for securing cardholder data; Visa's CISP and MasterCard's Site Data Protection program merged into the PCI standard in December 2004. In Europe, compliance became mandatory by June 2006 for any business that stores, processes or transmits this data. The PCI guidelines provide a list of requirements to ensure that a company provides the requisite level of security. | Security Management |
| Oracle Label Security - Best Practices for Government and Defense Applications | 2007-01-17 | Michigan State University | Units that accept payment (credit/debit) cards ("Merchant Units") must comply with this document and with all Payment Card Industry Data Security Standard (PCI DSS) requirements. Some PCI DSS requirements apply only to certain card processing environments, so the University has defined two types of card processing environment, based on the compliance effort involved: simple and complex. A simple-compliance environment is one in which the Merchant Unit does not store, process or transmit cardholder data electronically. | |