Security, PCI, Cybersecurity, InfoSec, DSS, PCIDSS4.0, PCI Community

Notes from the 2019 PCI Community Meeting

The Online Team and I had a great time at the PCI Community meeting last week, set in the spectacular environs of Vancouver BC. We ate and drank, pontificated, watched ferries and seaplanes come into the harbor (my inner 8-year-old self couldn’t resist and I booked a flight out on one), and had a generally spectacular time networking with old and new friends in the payment security space. While there were far too many interesting presentations and conversations to put into one place, I had a few takeaways that I felt were worth sharing. In no particular order:

By Tony Fulda on Sep 25, 2019 3:39:20 PM
Risk Assessments, Security, Cybersecurity, Hacker, Risk, RSP, hacking, pen testing

Tribe of Hackers - Red Teams & More

Online is proud to feature a chapter from Tribe of Hackers, written by Marcus J. Carey and Jennifer Jin. Our very own security expert Jeff Man shared many insights and stories in chapter 25 of this highly acclaimed book.

Jeffrey Man is a respected information security expert, advisor, evangelist, and co-host of the security podcast Security Weekly. He has more than 35 years of experience in all aspects of computer, network, and information security. Jeffrey has held various information security roles within the DoD as well as private sector enterprises, is a former PCI QSA, and was part of the first penetration testing red team at the NSA.

By Jeff Man on Aug 29, 2019 5:50:02 PM
Security, Digital Transformation, Cybersecurity, AI, Online Business Systems, Digital Business transformation, Cloud Deployment, RSP

How to Avoid Risky Business

At Online Business Systems we have our feet in two different worlds – Digital Transformation and Cybersecurity. As you can guess, we get a lot of questions about how to plan for and incorporate a security strategy when designing and executing a digital transformation project (e.g., process automation, transforming to a paperless organization, incorporating AI, or a cloud migration). I have read quite a few articles and blogs written on this topic recently and had a few thoughts of my own based on my experiences being on the front lines where we’ve seen security done well (and also, unfortunately, not so well).

By Tony Fulda on Aug 1, 2019 1:19:37 PM
Security, email scam, gift card, phishing, phishing attempts, Amazon

The Gift (card) That Keeps on Taking


So, let me tell you a story.  This is a true story.  A personal story about a request I got from someone who is near and dear to me.

These kinds of requests are becoming more and more common and so I wanted to share what happened so that you can recognize it when somebody comes knocking on your door (or email) with a similar ask.  Who would suspect that a gift card could be the tool of a phishing attack?  You should.

 

By Steve Levinson on Apr 18, 2019 5:05:12 PM
Security, RSA, RSAC2019, Helen Mirren

RSA 2019 Recap

RSA week is always a busy time of attending presentations and training sessions, exploring the [newly expanded] Expo Hall (700+ vendors), checking out what’s new in the Early Stage Expo (aka the Sandbox), catching up with old friends/colleagues/customers, and being enticed to attend way too many parties/receptions every evening.

By Online Team on Mar 15, 2019 1:41:01 PM
Security, Healthcare, Information Security, CISO, HIPAA, Risk Management, Medical Device Security

Health Information Security - Five Tips to Consider for 2019

This past year saw a continuation of established trends in cybersecurity. Breaches continue to rise, attackers are getting more sophisticated, and the market continues to be flooded with silver bullets that promise to solve all enterprise security problems in one fell swoop. As an organization, Online works with hundreds of organizations, many in healthcare, and we have learned a few things. Here are five things we learned in 2018 that you and your organization should consider moving forward:

By Adam Kehler on Feb 7, 2019 11:11:55 AM
Security, PCI, InfoSec, DSS, Payment Gateway, credit cards, debit cards, IDS/IPS, CDE

PCI DSS: When to Test Controls & Functions

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS), the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material, we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new,” and enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

By Jeff Man on Jan 3, 2019 4:51:51 PM