Whether you’re searching for strategies, best practices, or industry news, our seasoned experts have created hundreds of helpful resources, filterable by content type, solution, platform, and author. To stay informed, join our email list to get content that matters to you.
PCI’s MFA requirements now apply to IBM i. You have two choices: purchase MFA software that’s designed for IBM i or write your own program to link your existing MFA solution to IBM i. What's the best option for your organization?
Despite the server’s incredible security infrastructure, auditing remains primarily a thankless, manual chore. And, let’s face it, any task that’s thankless and manual probably won’t get done.
Few things strike fear into the hearts of consumers and businesses more than a breach of financial information. Why? Because it hits us where we’re most sensitive: our pocket books!
I recently spoke with a number of attendees at COMMON’s fall conference in Columbus who were facing regulatory mandates including PCI, Sarbanes-Oxley, and HIPAA. For these organizations, tremendous resources are often consumed in order to generate the variety of information deemed necessary to prove compliance.
Let’s face it; system administration remains a largely thankless task. From scheduling jobs to balancing workloads to answering messages in QSYSOPR, administrators and operators work diligently behind the scenes to ensure that IBM i servers are available to run mission-critical applications.
The recent string of breaches at prominent retailers such as Target and Neiman Marcus demonstrated that too many organizations still falsely equate PCI compliance with comprehensive security. Fully compliant organizations are being hit with attacks that compromise payment card data on a regular basis.
Smack in the middle of the holiday shopping season, Target was hit with a malware attack that infiltrated its point-of-sale systems and enabled the theft of credit card numbers and personally identifiable information from more than 70 million shoppers.
With so few companies satisfying—much less optimizing—their risk management responsibilities, it’s worth examining which obstacles may be impeding progress.
The word ‘audit’ is rarely welcomed with open arms by the IT department, and administrators often employ all sorts of delay and escape tactics to avoid the inevitable. But what they may not realize is the full significance of passing these assessments, or how painless the process can be.
The PCI Security Standards Council is set to officially release its third iteration of PCI DSS in two days on November 7, and the new version features numerous changes.
Compiled with significant input from the private sector, the Cybersecurity Framework isn’t a prescriptive compliance document and instead gives companies significant leeway in how they use it to inform their security strategies. As a relatively new source of guidance, its implications for regulated industries aren’t clear yet.
The constantly changing cybercrime landscape paired with the speed of new technologies can make it difficult to know which skills a security administrator should focus on.
Many organizations can now attest to the fact that proactively taking small steps to protect the technology infrastructure would have been far less costly than those implemented during the panic following a major breach.