Foregenix Blog

Andrew McKenna

Recent Posts

Andrew McKenna

Your Encryption Checklist

Encryption

12/01/18 10:14

Encryption is one of the foundations of keeping data secure: if a hacker can't read the information they've stolen, it's useless. Storing unencrypted cardholder data in any part of your website is asking for trouble. Hackers know what to look for and where to find it, so you need to ensure you're encrypting data.

Based on real and potential weaknesses identified in existing security protocols as well as industry guidance on algorithms, the following are some things to bear in mind when considering your business’ plans for encryption in 2018.

Andrew McKenna

Containers: Keeping You Secure

14/09/17 11:50

Given there’s a lot of talk about containerisation in the applications marketplace at the moment, this post is intended to provide a light introduction to the subject with a few pointers on security.

Andrew McKenna

An Introduction to DevOps

06/09/17 09:54

We’ll start at the beginning and ramp up really quickly. DevOps is a portmanteau of development and operations. We can consider it to mean automation of platform operations, or scripted operations. 

Wikipedia has the following definition:

"DevOps (a clipped compound of "development" and "operations") is a software delivery process that emphasizes communication and collaboration from concept to market, including product management, software development, and operations professionals. 

Andrew McKenna

Why You Need To Defend Against Nation State Attacks

06/07/17 16:21

A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a nation state. Given that the business being assessed wasn't involved in, or related to, critical infrastructure, and the IP wasn't such that it was of national or military importance to gain leverage, we gave the risk a low rating. In recent months, due to the leaking of custom malware developed by the NSA, the tools considered available only to nation states are now available to everyone. Where the internet democratised the attack vectors employable against entities with an online presence, the leak of custom, targeted malware has lowered the barrier to entry such that even non-sophisticated malicious actors can leverage the experience, expertise and destructive force of a nation state.

Andrew McKenna

Information Privacy, The General Data Privacy Regulation (GDPR) & Your Business

PCI, PA-DSS and P2PE, GDPR

30/01/17 16:43

To begin, we'll take the following definitions of 'privacy' and 'information privacy' from the International Association of Privacy Professionals:

Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.

Cyber Security Insights

Richard Jones
14/02/18 11:14

Foregenix Partner With Ground Labs To Strengthen GDPR Services

The clock is ticking and we are swiftly moving toward the GDPR deadline, with organisations of all shapes and sizes preparing themselves for the new ...


Jake Dennys
12/02/18 15:18

5 Steps To Make Your Travel Agency PCI Compliant

PCI compliance is no easy feat, it can be a challenge to obtain, but results in lasting consumer trust and peace of mind knowing their data is ...


Kirsty Trainer
07/02/18 12:34

Foregenix expands into Brazil with new São Paulo office

After an exciting growth period in 2017, we were able to officially launch Foregenix in Australia, extending our service delivery into the land down ...


Jake Dennys
06/02/18 09:30

Foregenix aim to help travel agents meet IATA accreditation deadline

Travel agents are in a race against time to meet IATA’s deadline for PCI DSS compliance. They've been given the deadline of March 2018 to become PCI ...


Benjamin Hosack
05/02/18 13:45

Foregenix expands APAC presence with Dan Ball, Territory Manager. 

Foregenix has further expanded their APAC presence with the addition of Dan Ball to the team as a Territory Manager in Australia, with ...
