The “intrusion kill chain” framework is an analytical tool introduced by Lockheed Martin security researchers in 2011. It is also sometimes referred to as the “Cyber Kill Chain”. It is an intelligence-driven, threat-focused approach to study intrusions from the adversaries’ perspective that could give network defenders the upper hand in fighting cyber attackers. So, what is…
Category: pci
Revisiting the Target breach of 2013
Between November 27 and December 18, 2013, the Target Corporation’s network was breached. 40 million credit and debit card numbers and 70 million records of personal information were stolen. The ordeal cost credit card unions over two hundred million dollars for just reissuing cards. Six months prior to the breach, Target deployed a well-known and…
QuickGuide: PCI Guidelines at a glance
PCI DSS (Payment Card Industry Data Security Standard) is an industry mandate. If your enterprise accepts credit card payments or handles payment card data, it must comply with PCI DSS. Here are the 12 key requirements set by PCI DSS – Install and maintain a firewall configuration to protect data Do not use vendor-supplied defaults…
PCI: Are you a merchant or a service provider or both?
I was recently asked by one of my clients going through a PCI compliance assessment if they were a merchant or a service provider. Sounds like a simple question. So, let’s dig deeper. The PCI Security Standards Council (SSC) defines a merchant this way: For the purposes of the PCI DSS, a merchant is defined…