Cybersecurity Insights

Andrew McKenna

How to test centralised logging

26/01/21 12:15

Introduction

This post touches on the inter-relationship between operational monitoring, logging, and file integrity monitoring. These are pooled together within a single post to illustrate these controls working together as a security system. Any information security framework (e.g. NIST CSF, PCI, ISO27000) will require each of these to be in place.

Andrew McKenna

Software Security Framework (SSF) - Overview & FAQ

06/01/21 10:00

In 2020, the PCI SSC released the Software Security Framework. This post is a brief explanation of how the framework is structured, some key dates and pointers on how this will impact you, and how to prepare.

Zacharias Pigadas

Reflections on the recent SolarWinds breach

17/12/20 14:59

So… 2020 is turning out to be the gift that keeps on giving. So much has happened within the last year both in InfoSec, and more importantly, in non-InfoSec, that we are pretty sure we will all be glad when 2021 comes along. With unexpected events coming our way in almost every single month of 2020, December has not failed to deliver.

Flavio Bonfiglio Sorans

The PCI Software Security Framework (SSF) is taking off!

17/12/20 10:32

As previously anticipated during the PCI North America Community Meeting 2020, Mastercard has announced that the Software Security Framework (SSF) will be incorporated into their Site Data Protection (SDP) Program Standards in Q1 2021.

Andrew McKenna

Point-to-Point Encryption (P2PE) Overview

16/12/20 10:00

This post provides an overview of P2PE solutions, starting with a high-level introduction and then delving into some more detailed and technical elements. The intent is to provide an understanding of what a P2PE solution looks like, what it consists of, and to demonstrate how the various building blocks fit together.
