
A laser focus on PCI compliance

For the past few weeks, I've been knee-deep in PCI compliance. I have previously mentioned that although my company's current credit card transaction volume doesn't require a full PCI audit, we have made a business decision to get the full PCI Report on Compliance, which entails hiring a qualified security assessor (QSA), submitting evidence, conducting a variety of qualified penetration tests and assessment scans and ultimately having an auditor spend about a week on site reviewing evidence and conducting in-depth testing of the 400-plus controls.

Written by Mathias Thurman, 24 June 15 03:07

IT funding potholes

Organizations should know how to budget and pay for IT products and services -- they've been doing so for more than 50 years. This is not rocket science. Unfortunately, many organizations continue to make the same mistakes year after year.

Written by Bart Perkins, 23 June 15 03:49

6 steps to optimize your vendor relationships

Are your vendors one of the most important reasons why your organization is successful? If not, you may have a huge opportunity to unleash untapped capabilities that are already at your disposal. The ideas in this article will help you differentiate your organization in the eyes of your vendors so they pay more attention to your problems and help you achieve better results.

Written by Bob Ronan, 23 June 15 00:58

4 news apps that will change everything

I'm a huge fan of newspapers. I've been subscribing to the print edition of The New York Times since I was in college.

Written by Mike Elgan, 23 June 15 00:55

Twitter lost the average Joe and Jane (and they may never return)

Almost 10 years and 302 million active users (MAU) after its launch, Twitter remains a confusing, social media free-for-all. While it's embracing change on the periphery, its namesake platform remains an increasingly lackluster and frustrating experience for users. If you don't regularly use Twitter now, the odds are you never will.

Written by Matt Kapko, 22 June 15 23:39

What defines a mature IT security operation?

RSA recently published its inaugural and aptly named Cybersecurity Poverty Index. This study is based on self-assessments by organizations who compared their current security implementations against the NIST Cybersecurity Framework. According to the report, almost 66 percent rated themselves as inadequate in every category. With all of the recent breaches in the news, part of me is astounded at this finding. The other part is not surprised, given that this matches what I see in the field every day.

Written by Robert C. Covington, 16 June 15 03:59

Traction Watch: Okta grows by embracing its frenemies

Editor's note: Traction Watch is a new column focused obsessively on growth, and is a companion to the DEMO Traction conference series, which brings together high-growth startups with high-potential customers. The next DEMO Traction will take place in Boston on September 16, 2015. Growth companies can apply to present, or those similarly obsessed can register here to attend.

Written by John Brandon, 13 June 15 05:22

How to play the 2015 Video Game Hall of Fame games online for free

Back in the day, I spent a lot of beer-fueled hours playing arcade and console games, including Pong, Tetris, and Pac-Man. Those games are long gone, but certainly not forgotten, and all three, along with Doom, Super Mario Brothers and World of Warcraft, were just inducted into the newly established World Video Game Hall of Fame.

Written by Bill Snyder, 09 June 15 01:16

Lessons learned from the Apple-Google privacy fight

One of the fascinating things about the last decade was the iPhone. We had a market dominated by companies like Palm, RIM, Nokia and Samsung. Each was incredibly powerful in its segment and two were massive multinationals. But, despite all that, Apple walked in and cut through them like a knife through butter.

Written by Rob Enderle, 06 June 15 04:49

Was the IRS breach unstoppable?

Another hack, another claim of inevitability. It is frustrating to read about the IRS breach and see it declared sophisticated. The following quote, from the IRS commissioner to CNN, is just outright infuriating:

Written by Ira Winkler and Araceli Treu Gomes, 04 June 15 07:01

Marauders Map is stalking Facebook Messenger users

A new extension for Google's Chrome browser pushes the creepy needle into the red zone. Marauders Map tracks the location of anyone using Facebook Messenger who hasn't disabled its access to GPS location information from their smartphones.

Written by Bill Snyder, 30 May 15 00:40

FTC rulings give consumers stronger warranty protections

You likely believe you've always had the right to sue a company that sells you a defective product, or to take your device anywhere you want to get it repaired without voiding the warranty. In theory, you're correct, but today many companies bully consumers out of asserting their rights. Fortunately, that's about to change.

Written by Bill Snyder, 28 May 15 06:37

Google's YouTube Kids video site reportedly rife with sleaze

I don't believe in censorship, and I think it's the responsibility of parents to keep their kids away from inappropriate content on the Web. However, if a service is specifically aimed at children and marketed as a safe offering for them, that's exactly what it should be. YouTube Kids, on the other hand, is loaded with content that children should never see, according to the Campaign for Commercial Free Childhood and the Center for Digital Democracy, two consumer protection groups.

Written by Bill Snyder, 20 May 15 23:24

Data held hostage; backups to the rescue

Last year, I wrote about a ransomware infection that encrypted the hard drive of one of my company's employees. In that situation, a live, in-person scammer called the employee, claiming to be from "technical support," and tricked the employee into visiting a website that infected his computer. As with a similar situation I wrote about in 2012, the infection came from an advertisement on the front page of a major news service's website. The website runs rotating ads, one of which was compromised and hit the victim with a drive-by malware infection (without any intervention by or even the knowledge of the victim). I thought that because the infection was on the victim's personal computer, not on my company's network, we were pretty safe. I thought that if it had been on my network, the attempt probably would have failed, or would at least have been detected right away.

Written by J.F. Rice, 19 May 15 23:08