EzFIM

~ File Integrity Monitoring

Category Archives: PCI DSS

PCI DSS v3.0: FAQs and Security Basics

17 Monday Feb 2014

Posted by EzFIM in File Integrity Management, PCI DSS

≈ 2 Comments

Tags

Change-Detection Mechanism, ezfim, file integrity monitoring, FIM, NetBoundary, PCI DSS code compliance, PCI DSS v3.0

PCI DSS recently implemented a new and improved guideline for compliance. However, many business owners are still in the dark with regard to PCI DSS as a whole. Here is a quick refresher covering some of the basics about the policy and how it works.

PCI DSS—The Basics

What does PCI DSS stand for?

PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS functions to protect the consumer’s sensitive data, particularly during POS, ATM, and all credit/debit card transactions.

What year was PCI DSS first implemented?

On December 15, 2004, the Payment Card Industry Security Standards Council (PCI SSC) was formed to lay down the guidelines for a policy. The original version was put in place in September of 2006.


The Happy Hacker: Top 5 X-Mas Gifts for the Cyber Criminal

23 Monday Dec 2013

Posted by EzFIM in cyberattack, PCI DSS

≈ 3 Comments

Tags

Anti-Virus, antivirus software, Christmas, Christmas 2013, Credit Card Skimmer, cybercriminal, ezfim, file integrity monitoring, FIM, hackers, Hackers (film), HD TV, MacBook Pro, Managed security service, Managed Security Service Provider, MSSP, NetBoundary, Password Protection, Payment Card Industry Data Security Standard, PCI DSS code compliance, Personal computer, PS4, Target, Xbox One

Hackers don't deserve presents.

Hackers aren’t your friends. Don’t give them gifts.

Christmas is nearly upon us once again.  And just like every year, there are certain items this holiday season that everyone must have.

For many, it is the Xbox One, or PlayStation 4.  Or perhaps a shiny new HD television is tops on your list.

But what does the professional computer hacker hope to find under his/her proverbial tree?

Hackers are human beings too; besides, even those employed in the most nefarious of professions are going to want some sweet new gifts—just like the rest of us.

Here’s a look at some top gifts sure to be high on all hackers’ lists this Christmas.

5.  Credit Card Skimmer

Not all hackers like to work from home. The skimmer first came into prominence when a waitress used one to swipe customers’ credit card information. You are in danger anytime your card leaves your hand and is out of sight (or anytime you are shopping at Target).

4. Your Password


Is your End-of-Life (EOL) Operating System (OS) Non-code Compliant?

02 Monday Sep 2013

Posted by EzFIM in File Integrity Management, PCI DSS

≈ 2 Comments

Tags

Business, End-of-Life, Microsoft, Microsoft Windows, Operating system, Patch (computing), Windows XP, Zero-day attack

Don’t let your antiquated OS keep you from PCI DSS compliance.

As it turns out, you can learn a lot about the tech industry from your non-tech-savvy parents. It’s true.

Recently I had a debate with my Dad—who fits firmly into the recently-retired-baby-boomer demographic—about his incessant use of the uber-outdated Windows XP OS.

My key argument—the sheer speed, or lack thereof—wasn’t making much of a dent in my father’s philosophy. I suppose for the pink-socks-and-jorts-clad clan, speed is not a top priority.

However, once I hit upon the news that End-of-Life (EOL) operating systems (OS) were nearing not just extinction but code compliance issues—I now held the narrative to get Dad back to the 21st Century.

PCI DSS Code Compliance

Many businesses feel that being PCI DSS compliant means only having the right FIM in place to protect their clients’ data that is stored via a POS. While this is a huge part of compliance, it overlooks some other key areas where breaches might be imminent.


The POS: Modern Day Convenience and Hacker’s Paradise

10 Monday Jun 2013

Posted by EzFIM in PCI DSS, Point of Sales

≈ 2 Comments

Tags

ezfim, FIM, P2P, Payment Card Industry, PCI DSSv2.0, point of sales, POS, Ritty's Incorruptible Cashier

The POS has evolved from cash register into a data storage device.

The most important key to understanding how to get your company up to compliance with PCI DSSv2.0 is to understand the role of the Point of Sales (POS) system.

If your company’s POS becomes compromised, you risk putting your loyal customers’ personal data in the hands of crooks.

The History of POS

Point of Sales systems have been around since the late 19th Century. The early incarnations were little more than basic cash registers until the 1970s, when registers became computer-driven.

• 1879 — While on a steamboat trip to Europe, James Ritty became fascinated by a device that kept track of the boat’s propeller revolutions.

Once back from his trip, he set out with his brother, John, to create a similar device that could be used to record cash transactions at his Dayton, Ohio saloon. Patented as “Ritty’s Incorruptible Cashier,” the first POS was born.

•  1970s — This decade saw the rise of computer-driven cash registers. Essentially, these were mainframe computers that monitored a set of chosen registers.


PCI Forensic Investigator (PFI)—What do they do?

30 Thursday May 2013

Posted by EzFIM in PCI DSS, PCI Forensic Investigator (PFI)

≈ 2 Comments

Tags

Credit card, Crime Scene Investigation, CSI, CSI: Miami, Forensic Investigation, Hill Street Blues, Internet Security, NYPD Blue, Payment Card Industry, Payment Card Industry Data Security Standard, PCI DSS, PCI Forensic Investigator, PFI, QSA, Quality Security Assessor

The PFI is similar to a television detective.

In the wonderful world of television, a popular genre is the police procedural. From the old school cop shows such as NYPD Blue and Hill Street Blues to more recent shows such as CSI: Miami and Castle, they all feature an engaging plot line centered around the resolution of a mystery through a systematic approach—plus cool car chases and hyper-attractive heroes.

Much like the hotshot detective or forensic crime scene specialist, in the real world of Internet Security, the Payment Card Industry (PCI) has its very own sleuth: the PCI Forensic Investigator (PFI).

What is a PFI?

First, all PFI Investigators must be approved by the PCI DSS, and any legal entity, organization or company that seeks to become a PFI must be a qualified Quality Security Assessor before becoming one.

Once approved, the PFI Investigator’s central focus is dealing with credit card breaches.  Once a security breach is recognized, the PFI begins an on-site investigation to better understand how the breach occurred.


The Role of the Quality Security Assessor (QSA)

22 Wednesday May 2013

Posted by EzFIM in File Integrity Management, PCI DSS, Quality Security Assessor (QSA)

≈ Leave a comment

Tags

FDIC, Federal Deposit Insurance Corporation, Payment Card Industry, PCI DSS, QSA, Quality Security Assessor

When you deposit money into your bank, you can rest assured that it is safe.  Even if your bank is robbed, the Federal Deposit Insurance Corporation (FDIC) protects your account through deposit insurance worth up to $250,000 of each account holder’s investment.

The QSA’s ultimate goal is to ensure your client’s stored information is locked up safely.

Created by the Banking Act of 1933, the FDIC was put in place to protect the consumer’s investments. Essentially, it is an additional layer of protection; insurance should even the thickest of safes become compromised.

Protection beyond physical means was the impetus for the Payment Card Industry’s creation of the Data Security Standard.

The Danger of POS

Much as late-nineteenth-century banks were easy prey for bank robbers, point-of-sales (POS) machines have become a hacker’s favorite tool for theft.


No Need to Distress over PCI DSS

17 Friday May 2013

Posted by EzFIM in File Integrity Management, PCI DSS, Quality Security Assessor (QSA)

≈ 3 Comments

Tags

code compliance, ezfim, file integrity monitoring, FIM, pci dss v2.0, POS, protecting your customers, texting

It wasn’t too long ago that I had no idea what the abbreviation “BRB” meant. By the time I figured it out, the person that I was texting with had long returned from whatever they were doing. Text messaging, like Facebook, has now segued into everyday life, and you certainly do not have to be too “tech savvy” to join in—here’s looking at you, Mom!

EzFIM – File Integrity Management so simple it’s Ez!

Picking up on the latest style of communication is similar to learning a new language. And this is nothing to “LOL” about.

At EzFIM we know that technical jargon about code compliance is difficult to grasp. However, a firm understanding of the importance of PCI DSS compliance is crucial to have, and downright dangerous to do without.

What is PCI DSS?

Have you ever used your credit card to pay for something? I am sure you have. Well, your card was swiped into a Point-of-Sales (POS) machine.  It is difficult to visualize but that simple swipe of your card has transferred extremely sensitive information about you into a database.


Understanding File Integrity Monitoring (FIM)

06 Monday May 2013

Posted by EzFIM in File Integrity Management, PCI DSS, Quality Security Assessor (QSA)

≈ 7 Comments

Tags

Bob Dylan, Business, file integrity management, Google, Operating system, Payment Card Industry Data Security Standard, PCI DSS, Tripwire, Twitter

Technology, and how we use it, is an ever-evolving, organic process. In fact, it makes Bob Dylan’s sage observation, “The Times They Are a-Changin’,” just as relevant now as it was forty-nine years ago.

EzFIM – File Integrity Management so simple it’s Ez!

Times are changing, just as processes are evolving.

Google has become both a noun and a verb. A baseline understanding of abbreviations coupled with the ability to engage in condensed conversation—Twitter, anyone?—has become essential.

Just as computers have segued from novelty to necessity, so have methods of file management.
