On December 6th I presented on a teleconference with Prat Moghe from Tizor. Prat presented some new analysis on the source of data loss. He considered not only the source but also the intent and the volume of data breached per category. Not to steal his thunder, but there were surprising findings in the results when different lenses are applied to actual breaches.
The best part of the presentation is the Q&A session, which, when you listen to the archived version, you will find starting around 12 minutes into the slide deck. As you can tell, with an hour-long teleconference there is only a short bit of time spent on the introductions. I advise any retailer dealing with PCI DSS to listen to this teleconference.
Top points I want to highlight:
- Business usage of data commands appropriate controls; the methods of satisfying these needs have to be aligned with the company, and they are raised during the teleconference
- Internal versus external attackers is not the true threat; the threat is simply who has access: applications, users, partners, etc.
- Avoid complexity through segmentation and business functions that align with access rights
- For more information on topics such as whether your encryption technologies are adequate, how you handle multiple users accessing systems, managing online interconnected systems, and more, please give it a listen.
Link to the Teleconference Archive HERE (registration required; gotta cover those costs). As always, add comments or send feedback.

Best,
James DeLuccia IV