Being a security professional, the term virus drives many adrenal glands to fight it out tooth and nail until its elimination. Well in these conditions, my fight is restricted to novice guidance on do’s and don’ts as learned and understood by me. Thanks to all medical and paramedical professionals who are risking their own lives …
PCI-DSS – Sustenance in Coronavirus (COVID19) Pandemic Conditions Read More »
Introduction to GDPR European Union has introduced GDPR Regulation to protect the fundamental right to privacy for every EU citizen. In simple words, the data subject (EU citizen) will be made aware of on the 5 ‘W’s’ of When, Where, What, Who, Why and also the ‘H’ for ‘How’ their personal data is being used, …
GDPR Compliance – A Move towards championing the right to privacy Read More »
In recent years, numerous enterprises have withdrawn from obsolete and vulnerable protocols such as SSL and early TLS (TLS v1.0 and 1.1). Though many businesses settle in TLS v1.2 (considered secure for deployment), it is always good to look forward to a more reliable protocol. The susceptibility of TLS v1.2 to weak algorithms and exploitation …
TLS v1.3: Be ready to migrate to a faster and more secure HTTPS traffic Read More »
We often hear in the Indian context and also in global context about moving towards a ‘cashless society’ , rather call it ‘less of cash society’ to lend practicality to the world of digitalisation. When we move from cash to cashless from a security perspective there must be substantial focus shift from Physical Security to …
Now we are in 2018 and security industries are glad to not be in the shoes of the Intel folks. The intel processor which is one of the most widely known and used processors in the world is facing attacks such as Meltdown and Spectre. SPECTRE What is Spectre? Spectre is an attack that injects …
The prime focus of the PCI DSS is on protecting the card number also known as the PAN (Primary Account Number) besides the PIN and Track data (Chip and Mag Stripe). The standard allows the entity to store the PAN whereas it prohibits storage of Track data and PIN with exceptions for issuers of the …
Finally, a minor version of PCI DSS 3.0 standard (now version 3.1, after the v1.2.1 many years ago), has been released by the PCI SSC to address the vulnerable SSL/early TLS protocols with addition of few clarifications of other requirements. PCI DSS v3.1 is effective immediately. PCI DSS v3.0 will be retired on 30 June …
It all goes really well when the assessment begins with the Issuing Section. You never seem to lose interest watching the Maticas churning away the fresh new cards, so much so that I take a moment to quietly awe at how these card printers control a considerable chunk of the world economics. You return back …
Defense in depth broadly defines that security controls need to be deployed in all the layers of the OSI model, such that the vulnerabilities, which may surpass the security controls in one layer, do not transcend in to the other layers. Well, the understanding of the above sentence largely depends on how well one understands …