Online Security, Safety, Tips, Compliance, Standard
Security Standard
Security Predictive Modeling
Oct 31st
Basically, we have two techniques to observe abnormality in network traffic which are: Getting information on the network level by passively monitoring the network and collecting Network Flow data. [Threat Monitoring NBA] Getting information from the events (logs) coming from systems/nodes available in the network by collecting the logs into a central management system for
PCI DSS: Requirement 7
Nov 24th
Requirement 7 of the PCI DSS states: “To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on need to know and according to job responsibilities. ‘Need to know’ is when access rights are granted to only the least amount of data and
PCI DSS: Requirement 6, Develop and maintain secure systems and applications
Nov 18th
“Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches, which must be installed by the entities that manage the systems. All critical systems must have the most recently released, appropriate software patches to protect against exploitation and compromise of cardholder data by malicious
Proposed PCI DSS Checklist – OSBi Approach
Nov 16th
Control Objectives PCI Data Security Standard Requirements OSBi Proposed Solution Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data Network Firewall & Web/App/DB Firewall 2. Do not use vendor-supplied defaults for system passwords and other security parameters Network Assessment & Security Operation Procedure Protect Cardholder Data 3.
PCI DSS: Requirement 4
Nov 13th
Requirement 4 of the PCI DSS states: “Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols can be continued targets of malicious individuals who exploit these vulnerabilities to gain privileged access to cardholder data environments.” PCI DSS
PCI DSS – Requirement 3: Protect stored cardholder data
Nov 11th
Requirement 3 of the PCI DSS states: “Protection methods such as encryption, truncation, masking, and hashing are critical components of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of
PCI DSS – Requirement 2
Nov 10th
Requirement 2 of the PCI DSS states: “Malicious individuals (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known by hacker communities and are easily determined via public information.” The application stack consists of applications, databases, operating systems and
PCI DSS – Requirement 1: Install and maintain a firewall configuration
Nov 7th
Requirement 1 of the PCI DSS states: “Firewalls are computer devices that control computer traffic allowed between a company’s network (internal) and untrusted networks (external), as well as traffic into and out of more sensitive areas within a company’s internal trusted network. The cardholder data environment is an example of a more sensitive area within
New Potential Threat in Telco Environment (Migration into IP Network)
Oct 24th
Telco Operator shortcomings Availability / Performance of Network and Network Elements Regulatory and audit requirements compliance (ISO 8583 / PCI) Optimize CAPEX and OPEX Fraud prevention Revenue leakage DNS Cache Poisoning prevention DDOS attack on the network – “heap dump” on network elements and saturated the bandwidth Customer usages behaviour for marketing research Lack of
Payment Card Industry Data Security Standard (PCI-DSS)
Oct 23rd
What is PCI-DSS The PCI-DSS Security Standards Council was developed by the five major credit card brands (MasterCard, VISA, American Express, Discover, and JCB) to help merchants safeguard electronic data from security breaches and to ensure the proper handling and protection of cardholder account and transaction information. PCI DSS is a set of guidelines, measures,