You are viewing 'compliance'

How to Implement an ISO 27001 Information Security Management System

15 steps for a successful implementation

Derek Weakley

December 08, 2016 - Posted by Derek Weakley to Security Insight

ISO 27001

Implementing an ISO 27001, and subsequently ISO 27002 Information Security Management System (ISMS) is no small feat. It is a daunting task, disruptive to your organization and can also upset employees with necessary changes. How can your organization effectively implement a robust and successful security program?

The first step in determining whether your organization is ready for an ISMS is to ask, how will we benefit from this? Security professionals often overlook this step, but it is critical and can really encourage management's support of the program. It is not financially viable to pursue something that will not at some point increase the bottom line. Discuss whether your organization will retain or acquire customers based on the strength of the security program. Your organization may also experience a competitive market advantage or improve its reputation after implementation. Furthermore, not implementing a program could cause your organization to lose revenue,... read more >

PCI SSC Revises Deadline – Should You?

Additional 24 months allowed for compliance

Bob Bybee

February 04, 2016 - Posted by Bob Bybee to Security News


In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.

The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >

Do We Need Software Regulations?

Bob Bybee

October 20, 2015 - Posted by Bob Bybee to Security Insight

Regulations, Guidelines, Compliance

“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.” – Weinberg’s Second Law

A thousand years ago, anyone who could stack some bricks could call himself a building designer. It took a few centuries and the collapse of a number of buildings, but eventually we decided that there needed to be some restrictions on who could, and who could not, put up a building.

Today, in most occupations that are even slightly technical, you need to be licensed. You can’t just hang up your shingle and go into business designing bridges or wiring buildings. All states require these types of professionals to be licensed, and in many cases to hold a Professional Engineer (PE) certification. Only someone holding the appropriate license can... read more >

Software-Defined Networking (SDN) Part 2

You have SDN, great! Now what?

Adam Marlowe

October 09, 2015 - Posted by Adam Marlowe to Security Insight


Software-Defined Networking (SDN) is a dynamic architecture that separates the network control plane from the network data plane. This technology allows fast, efficient network changes from a centralized management point, similar to the Virtual Machine (VM) infrastructure. In the first part of this series, we covered some basics of SDN and high level uses from a network and security perspective. For this blog, we will work through a few scenarios in which SDN can provide value to companies and their teams.

The versatility of SDN provides an almost unlimited number of scenarios. For this blog, however, I am only focusing on a handful of examples that will demonstrate some of the ways the technology can be leveraged. The following examples are pulled from challenges I have faced, questions from clients or just really awesome technical points.

These examples are:

  • Endpoint and Environment...
read more >

Solutionary Earns PCI ASV Certification

12th Consecutive Year as an ASV

Court Little

September 29, 2015 - Posted by Court Little to Security News


Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor prior to the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because is it the right thing to do and it will make our client’s lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but we completed it using two separate unique platforms to give clients the flexibility of using different scan platforms. Sometimes you need a hammer, sometimes you need a... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)