• Apr : 18 : 2012 - NetSPI Blog Post – Measuring Security Risks Consistently | NetSPI Blog
• Feb : 21 : 2012 - HIMSS 2012
• Feb : 13 : 2012 - NetSPI Blog » The Annual Struggle with Assessing Risk
• Feb : 13 : 2012 - NetSPI Blog » HIPAA Privacy Audits – How Badly Am I Screwed?
• Feb : 13 : 2012 - Interesting looking session at HIMSS12 on Security and Privacy

Arachni: Web application security scanner framework

Arachni is not only meant to serve as a security scanner but also as a platform for any sort of black box testing or data scraping. Full fledged applications can be converted into framework plug-ins so as to take advantage of the ...

Here’s a short, but good post on the changes that are coming to PCI.  Chris Secrest knows his topic… The Choice is No Longer Yours – Changes to PCI | NetSPI Blog.

Here’s a link to my blog post on NetSPI’s blog regarding the vocabulary of penetration testing services.  Basically, I’m a bit sick of people mis-representing their services … Penetration Testing – Deception through Vocabulary | NetSPI Blog.

Pentesting the Cloud | NetSPI Blog. Another post from NetSPI’s blog – Ryan is now the Director of Consulting for the Assessment team and is heavily focused on a lot of the penetration testing that NetSPI performs. We have a lot of discussion with clients around pen testing ‘new’ environments like cloud services and mobile devices…

Secure360 is almost here and we’re hoping that we’ve put together a really interesting, useful, and informative conference. We’ve tried very hard to incorporate as much of the diverse security community as possible into the speaker selection and, while there certainly will be a large number of very good speakers focused on infosec, we’ve also got some great speakers that are going to be addressing business continuity management, security career ...

Measuring Security Risks Consistently | NetSPI Blog. This is a post from Chris Secrest, a NetSPI consultant who works with a lot of clients on the risk management and compliance side. It’s a good post on what to think about when establishing consistency in risk measurement.

So I’m off to HIMSS and I’m looking forward to the conference. It should be a pretty upbeat conference: the economy is slowly improving, a lot of healthcare IT initiatives are driving activity this year, and there is a lot of social media activity. The only concern that I have is the lack of focus on security. There does appear to be a bit more discussion ...

I’ve been talking with a number of our clients recently about some expected changes to the PA-DSS program.  The other day the PCI SSC released the PA-DSS v2.0 Program Guide that documents those changes and provides some additional reference information for application vendors that are looking to update applications that are already listed on the PCI’s site as being PA-DSS compliant. Here’s the link for the PA-DSS Program Guide v2.0

Another NetSPI blog post – this one from Ryan Wakeham.  Don’t worry, I’m not going to post every NetSPI blog post here, but this one is particularly interesting with HIMSS approaching as a lot of healthcare companies struggle with how to handle an on-going risk assessment program. NetSPI Blog » The Annual Struggle with Assessing Risk.

OK – this is my most recent post from the NetSPI blog.  It’s focused on how healthcare companies are finally going to be facing the prospect of actually being audited for HIPAA compliance… NetSPI Blog » HIPAA Privacy Audits – How Badly Am I Screwed?.

• May : 16 : 2012 - NetSPI Blog post on...
• Apr : 20 : 2012 - Pentesting the Cloud |...
• Apr : 18 : 2012 - Secure360 Update
• Apr : 18 : 2012 - NetSPI Blog Post –...
• Feb : 21 : 2012 - HIMSS 2012
• Feb : 13 : 2012 - Secure360 2012