Tag Archives: compliance

Careers After IT Auditing

life-after-it-auditRecently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading

Advertisements

10 Comments

Filed under Audit, Employment, How to..., Technology

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s…

Staffing.

As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good pondering.

Continue reading

Leave a comment

Filed under Audit, Security

Why Should Businesses Audit Their Security Once a Year?

ADT’s reference library contains Five Reasons Every Business Should Audit Their Security Once a Year. The article, obviously an advertisement for their physical and network security services, is still worth a read. Why?

Continue reading

Leave a comment

Filed under Audit, Security

Attackers Don’t Help Companies, PCI Does

Is PCI still relevant? Some are proclaiming that PCI is irrelevant due to the recent, high-profile breaches. David Mortman disagrees, and I’m on his side.

Continue reading

Leave a comment

Filed under Audit, Security

Visa Yanks PCI Compliance of Processors

Dan Goodin reports that RBS WorldPay and Heartland Payment Systems are no longer considered Payment Card Industry (PCI) compliant by VISA. Both credit card payment processors had recent breaches.

Gartner analyst Avivah Litan, who tracks payment card security, said, “Retailers and other companies are not allowed to do business with processors that are not PCI compliant so this puts all of Heartland’s customers and all of RBS’s customers out of compliance,” she told The Register. “It’s nebulous, as most of PCI enforcement is.”

If you’re PCI compliant, it’s a good time to remind management that compliance isn’t the end of the road. Being compliant does not mean your security is ironclad; it means that you have taken some of the first steps forward. Don’t rest.

More on the PCI Data Security Standard.

Leave a comment

Filed under Security