IT Security and Compliance White Papers

Read the latest white papers from industry experts New Net Technologies. We provide comprehensive information on IT security and compliance.

Some of us will need therapy during and after an audit - that’s not unusual - but can a Compliance Audit really bring about the same feelings as other forms of grief? Furthermore, if this really is the case then, by extension, could we coach ourselves through the compliance audit process to become more effective at dealing with future audit situations?

Getting the balance right between the need to meet your mandatory obligations for PCI DSS and the imperative of minimizing cost of ownership is a challenge. Section 10.2 of the PCI DSS states “Implement automated audit trails for all system components...” and there are typically two concerns that we always discuss: What is the best way to gather and centralize event logs? What do we need to do with the event logs once we have them stored centrally? (And how will we cope with the volume!?)

Has there ever been a more confusion-generating initiative than the PCI DSS? Even now, a good seven years on from its initial introduction, a clear and definitive understanding of what your organization needs to do may still be a challenge.

The breach at Target has not just been big news within the Information Security community; it is worldwide headline news in all mainstream media outlets. This article looks at Brian Krebs’ excellent (as usual) investigation and analysis of the story so far from an NNT perspective.

The UK Government's initiative to prescribe a security standard to any organization accessing the Government Connect Secure Extranet is a move designed to keep government organizations one step ahead of the inexorable increase in security threats. There have been too many high-profile data thefts and losses by Government organizations, highlighting both the risk to, and the importance of, ICT Security and the governance of citizens' data.

Right now, Ransomware is the Great White Shark of cyber-attacks, the most feared malware of all, and both corporate and home users are running scared. And rightly so - anyone who has had experience with Ransomware will attest to the agony and disruption. But instead of worrying about an attack, what action can be taken to safely venture back into the water and not necessarily “with a bigger Boat”?

Security is a complex area - there are many types of cyber threat to deal with and each requires a different set of tactics and capabilities. Whether you need to protect your organization's confidential data - be it intellectual property or your customers’ personal information - or fend off malicious attacks and acts of internet vandalism, the threats are out there and getting increasingly tough to defend against.

In early 2017, NNT assembled a panel of experts to discuss the increased importance of applying the Center for Internet Security Controls as part of a modern approach to cyber security. The session also highlighted the benefits of combining the CIS Controls with ongoing, real-time compliance monitoring.

Within any IT estate, the only constant is change.

Change Control has always been a key security best practice. With every change made to IT systems comes a risk of a weakening of security defenses, not to mention operational problems, through misconfigurations. Changes also create ‘noise’ that makes it more difficult to detect a breach when a cyber attack succeeds.

Threats of theft of Intellectual Property, financial data, Cardholder Data and PII (Personally Identifiable Information) are more diverse and increasingly difficult to defend against. The traditional ‘internet vandalism’ from viruses is still an issue but the ‘threatscape’ in 2012 is far more diverse and dangerous than ever before.

Your enterprise is under attack right now and, if a breach is successful, you could lose your Intellectual Property, your sensitive company planning and financial data, and your market intelligence, and with them your overall competitive edge could be set back by years.

The new and updated version of the PCI Data Security Standard is as much about refining and improving the protection afforded by the DSS as re-launching the standard and attempting to galvanize renewed focus onto PCI compliance.

Many organizations have still chosen to delay the implementation of their PCI program, being wary of the resource requirements necessary to manage PCI compliance.

Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.