Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Darkreading: compliance

From: gem at cigital.com (Gary McGraw)
Date: Wed, 4 Apr 2007 10:00:30 -0400
Hi all,

Another big momentum machine for software security (and data security) is PCI compliance.   There is a challenge, 
though, and that is figuring out where the credit card data that you want to protect are.   We've found in our practice 
at cigital that the data are literally scattered all over the enterprise.   Because of this, hair-brained solutions 
like application firewalls (something called out in the PCI standards) often don't help.

I think PCI compliance is doing for data security and data risk what SOX did for software security and sofware risk.   
They both help with problem awareness.

To answer your question directly, we see lots of large enterprises working hard on PCI these days.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com.


 -----Original Message-----
From:   McGovern, James F (HTSC, IT) [mailto:James.McGovern at thehartford.com]
Sent:   Mon Apr 02 11:15:49 2007
To:     SC-L at securecoding.org
Subject:        [SC-L] Darkreading: compliance

SoX has done a wonderful job of getting enterprises to embrace the notion of holistic identity and access management 
which wasn't occuring prior to it. It would be interesting to hear from folks here what other enterprise initiatives do 
you think that should be on the radar of large enterprises.


*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************


_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________



----------------------------------------------------------------------------
This electronic message transmission contains information that may be
confidential or privileged.  The information contained herein is intended
solely for the recipient and use by any other party is not authorized.  If
you are not the intended recipient (or otherwise authorized to receive this
message by the intended recipient), any disclosure, copying, distribution or
use of the contents of the information is prohibited.  If you have received
this electronic message transmission in error, please contact the sender by
reply email and delete all copies of this message.  Cigital, Inc. accepts no
responsibility for any loss or damage resulting directly or indirectly from
the use of this email or its contents.
Thank You.
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: