Let’s be honest: PCI DSS compliance is viewed as a pain in the neck. It is seen by management in many companies as a big fire drill to check the compliance box, but without real business value. They see the scramble to test, remediate and report to achieve compliance, but they often cannot connect it to improvements in their actual security posture. The lack of perceived value is the result of the prevalent “compliant but not secure” mode of operation.
The fire drill typically includes the following scenario: A large company with tens or hundreds of legacy systems, some of which store its most valuable information, is tasked with complying with PCI DSS requirements and validating compliance in quarterly tests and annual audits. The systems are siloed, owned by different line-of-business and application owners, sometimes with their own IT and security experts. Each application and associated infrastructure needs to be tested, scanned or otherwise validated to be in compliance. To minimize potentially negative impact on business critical applications, testing and scanning needs to be coordinated and scheduled with application owners. Results need to be communicated to those same owners and coordinated with IT administrators to apply the fix. After the fix is finally applied, the scans and tests need to be repeated to verify the exposure no longer exists. All of this information exchanging hands starts out in vulnerability scanning and governance, risk management and compliance tools, but most often ends up in spreadsheets and emails. Multiply those spreadsheets and emails by the number of components and stakeholders, and it is easy to see why the process overtakes the intended objective of cardholder data protection.
Data breaches are now a fact of life. Regardless of the size of your business, or the sector you operate in, sooner or later you should expect to come under attack by hackers.
In the past couple of years, there’s been a steady stream of high-profile attacks on companies around the world, from retailers to banks and healthcare providers. And if smaller firms think they will be overlooked by hackers in the belief they are not a valuable target, they are mistaken.
Published: Tuesday, 24 May 2016 07:55
The Business Continuity Institute’s Middle East business continuity and resilience Awards took place on Monday 23rd May 2016 in Abu Dhabi.
The winners were:
Continuity and Resilience Newcomer 2016
Pauline Kolset CBCI, Administration Manager, Risk Management, Jumeirah Group
Continuity and Resilience Consultant 2016
Tom Keegan FBCI, Enterprise Resilience Leader, Control Risks
Continuity and Resilience Professional (private Sector) 2016
Abdullah Alrebdi AMBCI, Business Continuity Senior Analyst, Saudi Stock Exchange (Tadawul)
Continuity and Resilience Professional (Public Sector) 2016
Mahmoud Abu Farha MBCI, Head of Business Continuity Management, Palestine Monetary Authority
Continuity and Resilience Team 2016
Roads and Transport Authority Crisis Management Team
Continuity and Resilience Provider (Service/Product) 2016
Deloitte and Touche, Resiliency and Continuity Services (RCS)
Continuity and Resilience Innovation 2016
Estmrarya Academy ‘Learn and be more Resilient’
Most Effective Recovery 2016
Commercial International Bank - Egypt
Industry Personality 2016
Fatima Azeem AMBCI, Executive Officer in Business Continuity, National Emergency Crisis & Disaster Management Authority
Ransomware has become such a prevalent threat that the Los Angeles Times suggested in a March 8 article that “2016 is shaping up as the year of ransomware.”
Recent ransomware victims, the paper reported, included the Los Angeles County Department of Health Services and Hollywood Presbyterian Medical Center, which paid $17,000 to regain access to a communications system that attackers had shut down.
Ransomware is ingeniously simple to execute and, as such, an effective method for cybercriminals to monetize malware attacks. Ransomware uses malware variants with names like “Locky” and “CryptoWall” to encrypt files in victims’ systems. The malware typically is delivered through phishing emails.
Crises don’t discriminate. Whether they are economic, geopolitical, technological or environmental, you can expect to have to deal with a major one soon. And how well you minimize the impact of that crisis is the difference between achieving your business objectives, and completely missing them, disappointing your customers, employees, partners, and shareholders in the process. Lucky for you (if you believe in luck and not the probability of chance events), Forrester’s risk experts have updated The Governance, Risk, And Compliance Playbook For 2016. I also recently finished a series of reports on the state of business continuity (which I have creatively named part 1, part 2, and part 3) to give you a jump start on your GRC efforts. Below, I’ve highlighted some of our most recent and exciting GRC research:
All-flash storage systems are about to spark a renaissance within the data center. Until very recently, the higher costs of all-flash storage has prevented the technology from being adopted across a majority of data center workloads. However, the recent introduction of high-density flash will certainly change this situation, as the ability to mix high density with traditional flash in a real-time auto-tiering manner will dramatically reduce the cost of flash, enabling its broader use for all workloads across the data center.
Flash is still uncharted territory for many data center executives. As the use of all-flash becomes more common, it will be more important than ever to know how to assess key performance parameters and assess any cost challenges encountered along the way.
(TNS) - A lone gunman is in the building, multiple people have been injured and the suspect is armed with semi-automatic handguns and extra ammunition. It’s up to law enforcement and emergency responders to evacuate the injured and subdue the gunman – all at the same time.
That’s the scenario that played out at UC Merced on Saturday morning as multiple Merced County law enforcement and emergency response agencies trained together on protocol and response for violent incidents.
About 50 role-players acted as student witnesses and victims while paramedics and firefighters teamed up with police officers and deputies.
(TNS) - Tropical storm and hurricane season kicks off June 1, so it's not too early to get ready.
That was the message federal, state and local emergency planners delivered last week during Hurricane Preparedness Week.
The message is simple: Be prepared.
This year's season, from June 1 through Nov. 30, could be more active than those the past couple of years, experts say.
Partnership offers immediate ‘lift and shift’ of any Windows-based applications to the cloud for faster customer on-boarding
LONDON, UK – Cloud application virtualization provider, Cloudhouse Technologies and cloud workspace provider, Cloud DC, today announced a partnership to on-board applications to the Cloud DC workspace. Both companies are committed to delivering apps, anytime, anywhere and on any device. By partnering, Cloud DC will use Cloudhouse’s Applications Anywhere solution to deliver business critical applications, regardless of device, operating system, or even where data is stored, on its virtual hosted Workspace platform.
Steve Robinson, CEO at Cloud DC said, “We are focused on empowering companies to take advantage of cloud services delivering the apps users want instead of full desktop deployments. Our customers just want apps made available to their users. However, often the biggest challenge in getting customers to this model is taking legacy or browser based apps to the cloud. With Cloudhouse, we can now get our customers to the cloud with their business critical apps regardless of any dependencies.”
Mat Clothier, Founder and CTO at Cloudhouse said, “Many of the business critical apps in use today have been built on legacy systems and have dependencies on outdated operating systems or browsers. Cloudhouse Applications Anywhere allows Cloud DC to take any classic Windows bespoke, browser based or desktop application to the Cloud DC Workspace platform. Our technology will enable Cloud DC customers to benefit from cloud services faster.”
Closely aligned with Microsoft and Citrix, the partnership will help customers overcome any challenges getting legacy apps to the cloud and enhances the cloud based delivery and management of applications in a way that enables Cloud DC to streamline application management in XenApp servers and/or images. Cloud DC delivers apps to their customers using full Citrix Reference Architecture on AWS, with Azure backup.
Cloud DC now can package apps once and reuse everywhere across a customer’s Workspace deployment, enabling them to take their entire office IT environment anywhere, anytime, and on any device.
About Cloud DC
Cloud DC is a born in the cloud company, with its flagship Cloud DC Workspace platform. Originally based in Australia, Cloud DC has expanded headquarter operations and sales offices to Austin, London and San Diego. The mission of Cloud DC is to be premier global cloud service provider of choice to business, delivering a cloud based Workspace platform through Distribution and Reseller channels.
Learn more at www.clouddcinc.com
Cloudhouse Technologies Limited is reinventing application deployment and management. Our technology transports any classic Windows bespoke, browser based or desktop application to the latest operating platforms and/or the Cloud. It’s a frictionless approach, with no re-coding of existing software. Release your applications and securely and safely deploy. Anywhere. On any device.
Cloudhouse make it happen www.cloudhouse.com.
AppSense Endpoint Security Suite Provides Advanced Applications Control, Windows 10 Restrictions and Builds a Security Posture with Analysis of User Activity
READING – AppSense, the leading provider of User Environment Management solutions for the secure endpoint, today announced at the annual Citrix Synergy Conference its Endpoint Security Suite with enhanced features for the prevention of Ransomware and Malware attacks. The solution combines new AppSense Application Manager application and privilege control with AppSense Insight for analysis of user activity and security privilege. AppSense Insight additionally provides deep inspection of user experience, virtual desktop performance and security risks at the endpoint.
The Endpoint Security Suite gives enterprises more security and management control over applications running in the Windows 10 operating system. With AppSense Application Manager, IT can now allow the Windows 10 start menu and select Windows 10 system components to run, but can control and block unapproved Universal and Win32 applications. Application Manager can also govern access to the Windows Store and can block the Win 10 Edge browser to restrict the use of unapproved applications and uncontrolled browser activity.
“Windows 10 migration, the growing threat landscape and the Ransomware plague are prompting enterprise IT to take a closer look at endpoint security. The AppSense Endpoint Security Suite combines technologies that intelligently create and enforce policies to mitigate attacks,” said Jon Rolls, Vice President, Product Management, AppSense.
Enterprises are also in great need of more data on user endpoint experience in order to develop the most effective application and privilege control policies. The advanced AppSense Insight solution enables discovery of user activity and behavior using a lightweight agent that requires no reboots or drivers, and can be deployed and removed with zero user disruption. Data is collected in a self-contained virtual appliance that scales to support data gathering from up to 15,000 endpoints, and requires very little ongoing maintenance. With this detail, IT can adjust security policies and gain greater control while being able to drive automated exceptions for a positive effect on user experience.
Additional features in the new Endpoint Security Suite include:
- Custom Rules provide the most flexible targeting on the market, using any combination of run-time desktop environment parameters such as OS version, group membership, device network address range, device type, time of day or even file content.
- Dashboard Home Page provides easy access to key metrics pulled from the Insight database.
- Applications Blocked Report lists applications blocked by Application Manager policies, with extensive trending, filtering and sorting.
- Application Privilege Usage and Local Administrator Reports pinpoint where excessive security privileges are potentially being used, how often and by whom.
- Trend Graphs can now plot changes in a metric over time (day, month, etc).
- Most Recent Data compares results such as the most recent logon time against long-term averages, minimums and maximums.
The AppSense Endpoint Security Suite is available now. It will be showcased in Las Vegas, May 24-26, during Citrix Synergy 2016 at Booth 515G and LANDESK Interchange 16 at Booth 6. For more information or to request a demo, please visit http://www.appsense.com
AppSense is the leading provider of User Environment Management solutions for the secure endpoint. The technology allows IT to secure and simplify workspace control at scale across physical, virtual and cloud-delivered desktops. AppSense solutions have been deployed by 3,600 enterprises worldwide to nine million endpoints. AppSense is now a part of the LANDESK family with offices around the world. For more information, please visit www.appsense.com.
Copyright © 2016, AppSense. All rights reserved.