Security News

If you're like most IT security officers or business owners, you are striving to avoid any "hiccups" with this year's information security and/or compliance assessment. MegaplanIT's team of QSAs and auditors always stress that continuous monitoring is key to successful risk management, but there are a few other checklist items that, if implemented throughout the year, may just reduce the level of effort required by your auditor - which should save you time and money!
Here at MegaplanIT, we detest check-box compliance audits. Going through the motions just to satisfy security regulations and standards (like PCI and HIPAA) does not mitigate the risks of attack. Sure, you may satisfy the auditors, but at the end of the day nobody wins without rigorous security assessments. Is your company being proactive about network security, or are you falling for the check-box compliance trap?
As the complexity of the IT topography continues to increase along with the number of firewalls deployed, the typical enterprise firewall rule set stands as a confusing rat's nest of contradictions and insecure configurations. Not only does the state of these rules expose enterprises to undue risk, it inevitably throws them out of compliance. Auditors are getting wise to the problems posed by poorly managed firewall rules. Here's why you should, too.
If your organization is planning on achieving PCI compliance for the first time, you are probably overwhelmed with the amount of information presented to you. Rest assured, it can be a daunting task for even the biggest companies. Understanding this, MegaplanIT offers free Trusted Advisory for anyone considering PCI compliance - whether you are our client or not. We want to see your project succeed, period. Previously, we've offered 10 Ways to Reduce PCI Compliance Costs.
A hacker going by the alias "Masakaki" has claimed credit for breaching, a leading recruiting agency for Wall Street financial firms. The criminal, who belongs to a hacker group called TeamGhostShell, made off with 3,000 resumes from around 50,000 compromised accounts. Masakaki indicated that he would trade the resumes on the black market, but there were also hints of "hacktivism" as Masakaki pointed to the Occupy Wall St movement as inspiration and/or motivation.