Category Archives: Compliance

You might be scratching your head over the alphabet soup in the title. Here’s the deal. Under Requirement 8: Identify and authenticate access to system components, PCI DSS defines requirements for those accessing systems that contain cardholder data that are …

Posted in Compliance, Single Sign-On (SSO), Two Factor Authentication

I and other security experts have been harping for years on the fact that managing information security is so much more than just choosing the value of a configuration parameter. Information security requires an ongoing business process. It must be …

Posted in Announcement, Compliance, Info Security Mgmt

At the end of April, the Payment Card Industry (PCI) Security Standards Council released version 3.2 of the PCI Data Security Standard (DSS). A couple of changes are noteworthy, even though most were incremental or for clarification purposes.

Posted in Compliance, Two Factor Authentication

It’s a simple fact. Good security doesn’t just happen. You need to have a very specific set of knowledge to effectively secure your information assets. The knowledge you need falls into five discrete categories: policies, data, people, systems, and events.

Posted in Compliance, IBM i Security, Info Security Mgmt, Information Security

CAUTION: RANT ALERT. On Wednesday, November 19, Admiral Michael Walters, the head of the NSA, made a very disturbing announcement. He said that China and one or two other countries have the capability to launch a cyber attack that could …

Posted in Compliance, IBM i Security, Info Security Mgmt, Information Security

A hot debate over the inherent security benefits of open source software — or lack thereof — has been raging (again) since the “Heartbleed” bug came to light last spring. So… from a security expert’s point of view (yes, mine!), is …

Posted in Botz Blog, Cloud Security, Compliance, Encryption, IBM i Security, Info Security Mgmt, Information Security, Mobile Security

Have you ever encountered a situation where a user needed to use an application that displayed all of the rows in a file, but the user really should be restricted from seeing certain rows in that file?

Posted in Announcement, Botz Blog, Compliance, IBM i Security, Info Security Mgmt, Information Security, Mobile Security

Did you ever think that the potential cost of a security breach is overstated by those who want to sell you security software or services? Well, no matter how you add it up, the potential cost to Target during the …

Posted in Botz Blog, Compliance, IBM i Security, Info Security Mgmt, Information Security

A while ago I ran across this white paper from KPMG Netherlands: The five most common cyber security mistakes: Management’s perspective on cyber security. As I was reading it, I found myself making my own list. My list is called “5 …

Posted in Botz Blog, Compliance, IBM i Security, Info Security Mgmt, Information Security

I recently collaborated with Patrick Townsend, CTO of Townsend Security, on an encryption key management white paper. The paper is targeted at the IBM i audience but actually contains useful information for folks using any platform.

Posted in Botz Blog, Compliance, Encryption, IBM i Security, Info Security Mgmt, Information Security