My article this month for eSecurityPlanet addresses the oft overlooked and misunderstood issue of securing SCADA systems. Many thanks to Jonathan Pollet of Red Tiger Security for providing feedback and quotes for the article.
SCADA (supervisory control and data acquisition) systems run critical infrastructure and manufacturing processes. SCADA is what the local power company uses to manage usage on the grid and ensure customers have energy during times of high use. It’s also what manufacturing plants use to manage the shop floor to make sure production can continue without interruption. If you’re like most network and application security professionals, you’ve never worked with a SCADA system. SCADA knowledge is specialized and often not covered in traditional security training and certifications like… Continue reading: Why SCADA Security Matters–And What You Should Know About It
The other day, while starting work on a post about why hype is never a good marketing strategy, I remembered, “Hey! I already wrote about this.” Since the information is still relevant today, we decided to make the piece available again.
Many thanks to Carol Baroudi, Founder of Baroudi Group, Inc. for kind permission to reprint this document.
Software and technology vendors, especially those in the United States, have gotten into the habit of overselling the capabilities of their products in an effort to close deals. While this is an annoying practice for non-security related products, it can be downright dangerous when it’s applied to… Continue reading: Blast from the Past: Why Vendor Hype Benefits No One
Yesterday the news came out that CA is planning to acquire Arcot for about 200 million. If you’ve read that it’s part of a CA IAM play, that’s correct, but it’s Strong AuthN and fraud prevention for IAM. Strong AuthN is something CA hasn’t really had before and the Arcot mobile solutions mean this can also be billed handily as a “cloud play.”
For more, take a look at this coverage:
From eWeek:
CA Technologies has agreed to acquire Arcot Systems for its authentication and anti-fraud technology. The acquisition comes with a price tag of $200 million. Founded in 1997, Arcot develops software-based digital signature and identity tools to help secure online transactions. Delivered via… Continue reading: CA to Acquire Arcot
Plenty has been written about the VISA tokenization best practices – but many have overlooked the truncation best practices. Ed and I covered truncation for SearchFinancialSecurity:
In July, Visa Inc. got out ahead of the Payment Card Industry (PCI) Security Standards Council and issued its own best practices for tokenization and PAN truncation. While quite a lot of attention has been paid to the tokenization side of the recently issued guidance, the truncation side has received less attention. We thought it would be useful to address the other side of this vital PCI Data Security Standard compliance issue.
For the rest of the article, please click here.
Continue reading: PAN Truncation and PCI DSS Compliance
Char Sample and I did a tech tip for cloud VARs on compliance and security services. We focused on services that customers might be interested in paying more for in order to ensure their data is secured and protected in the cloud. Of course, in order for these services to be worth offering, customers will have to be willing to pay extra for them. Which raises the traditional Catch-22 dilemma – if you can’t trust a provider (insert any trusted provider here: doctor’s office, local policy and safety offices, financial institutions) to protect your critical information without having to pay them extra – should you be trusting them in the first place?
The late comedian George Carlin had a famous… Continue reading: Cloud Computing Security Services Add-Ons