On June 30, 2008, the new revisions to PCI DSS v1.1 will become mandatory. The main item that may be of concern is requirement 6.6: ensure that all web-facing applications are protected against known attacks by applying either of the following methods: having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security, or installing an application layer firewall in front of web-facing applications. In the current listing of the specifications these methods are advised as best practices, but after June 30, 2008 they become mandatory. A lot of questions and concerns have been raised about this. Is every company going to have to have a line-by-line code[…]

We have all heard about ISO 17799 and ISO 27001; ISO 17799 is being renamed to ISO 27002, and ISO 27001 was formerly known as BS7799-2. If you haven't, and you're reading this, stop now and go look them up. Here is a good place for a general overview. These standards are the baseline requirement for doing business where security is concerned. Instead, what you see is that most companies, those that care and especially here in the US, are still in a phase of "working towards" meeting these standards. Very few western organizations have implemented or even looked at these standards. In Japan over 2000 companies have been certified, meaning that Japan dwarfs any other country by at least[…]