• by Adam M. Lechnos, CISSP The Payment Card Industry Data Security Standard, or PCI DSS, is a set of 12 requirements with over 300 controls that apply to any organization that stores, processes or transmits credit card data. Today, I will attempt to add some clarity around PCI compliance within AWS. Concepts and practices were sourced from the document referenced below, and here I will break them down further. I do suggest you first read Architecting for PCI DSS Scoping and Segmentation on AWS and then come back to enhance your understanding of the methods being applied and their rationale. For a quick primer on PCI DSS, please refer to the council's overview PDF. Referenced from: https://d1.awsstatic.com/whitepapers/pci-dss-scoping-on-aws.pdf Infrastructure Services Infrastructure services such as EC2 require the

    Oct 21,
  • When M&A auditors look at a target company’s tangible assets, in the vast majority of cases that includes cybersecurity. In a new (ISC)² study about the impact of cybersecurity in M&A, 95% of respondents say they consider cybersecurity infrastructure “a tangible part” of the value calculation. The stronger the infrastructure, including soft assets such as risk management policies and security awareness training programs, the higher a target company’s value will be, according to 82% of respondents. If an audit reveals weak security practices, 52% of respondents would view the cybersecurity program as a liability. What this means for organizations considering a sale is clear: If you take your cybersecurity program lightly, it is bound to drive down the sale price.

    Oct 08,
  • As published in the July/August edition of InfoSecurity Professional Magazine By Crystal Bedell As a former cyber analyst for the government, Masha Sedova has seen firsthand what a Russian state-sponsored attacker is capable of. So, when she was charged with building a security culture at Salesforce in 2012, she knew an employee newsletter and animated videos wouldn’t prepare end users in the event of a targeted corporate attack. “I thought, ‘There’s no way this will work. It’s a waste of time,’” says Sedova, co-founder of Elevate Security in Berkeley, Calif. “In order for an organization to withstand an attack like that, people have to want to do security instead of have to. If it’s just a check-the-box task, people will

    Oct 07,
  • As published in the July/August edition of InfoSecurity Professional Magazine By Pat Craven, Director of the Center for Cyber Safety and Education As cybersecurity and cyber safety continue to become a growing global conversation, there are an increasing number of themed days and events to help promote the industry and highlight the need to educate people on how to be safe online. One of the biggest promotions of the year is Cybersecurity Awareness Month in October. October is a busy time of year for your Center for Cyber Safety and Education. We plan all year for Cybersecurity Awareness Month, and I wanted to share with you some ideas for ways that you individually, your (ISC)² chapter, or your company can

    Oct 04,
  • Cybersecurity threats are a major concern for businesses of all sizes, and that challenge can have repercussions when a company puts itself on the selling block. One of the things buyers will want to know is whether the company has had a breach and, if so, how it was handled. If the business can show it addressed the breach in a satisfactory way and learned from the experience by fixing its security vulnerabilities, its sale value increases, according to 88% of respondents in a new (ISC)² study titled Cybersecurity Assessments in Mergers and Acquisitions. The study reveals that cybersecurity audits are now standard practice in the M&A process. And the results of those audits have weight: 77% of study participants,

    Sep 30,