
Jaime Chanaga
CISSP, CISA

  • Jaime Chanaga is Chairman and CEO of The CSO Board. He advises companies in many sectors, with a particular focus on helping clients solve critical strategic issues and make lasting substantial improvements in their performance. Jaime is a former Chief Information Security Officer and co-author of the book, "Corporate Security In The Information Age".

Posts categorized "Web/Tech"

12 September 2006

Payment Card Industry (PCI) Data Security Standard

On September 7, 2006, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced the creation of an independent council to manage the Payment Card Industry (PCI) Data Security Standard.

For more information on the PCI Security Standards Council, LLC you can visit their website at:  https://www.pcisecuritystandards.org

The PCI Security Standards Council also announced the latest version of the PCI Data Security Standard, version 1.1, available for download at: https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm

30 June 2006

Lessons From Natural Disasters

Natural disasters can quickly surpass the best-laid plans for disaster preparedness. This week, the Northeastern United States was faced with flooding from Pennsylvania to Maryland. As I watched and read some of the news reports, I thought about how small businesses might cope with such disasters. How do small businesses protect their vital business data that might be stored on computers? Beyond the basic tape or CD-ROM disc backups that most small business owners are familiar with, there are other alternatives that may be useful to consider.

Remote backup or online backup services provide a good alternative to physical media backups. The downside to physical backup media is that it may be lost in cases of fires or floods. Online backup services provide a secondary backup alternative that can securely store data hundreds if not thousands of miles away for small business users.

Here are some online services to consider:

www.backup.com
www.usdatatrust.com
www.xdrive.com

Having lived in central Pennsylvania, it is heart-wrenching to see some towns that I'm familiar with flooded, and homes filled with mud and water. My thoughts and prayers are with the residents of all the disaster areas.

11 May 2006

Security Research Papers

The SANS Institute provides an invaluable resource called the Reading Room at http://www.sans.org/reading_room/.  At this site you will find research papers written by GIAC certification candidates on various topics of information security.  The papers are published and available for download free of charge. There are over 1588 original research papers that cover over 71 categories of interest in the field of computer and digital security.

10 May 2006

VOIP Security

With all the recent concerns over phone record privacy, there may be a new solution on the horizon for encrypting VoIP (voice over IP) telecommunications.

Philip Zimmermann, creator of the highly popular Pretty Good Privacy (PGP) encryption software, is currently working on a software-based "secure telephone" that would work with popular VoIP applications. Although the software is currently in beta testing, it will significantly add to the strength and complexity of encryption available to consumers today, which had previously been reserved only for large multinational corporations or government agencies. VoIP security for the masses is coming!

For more information visit:  http://www.philzimmermann.com/EN/zfone/index.html

Philip Zimmermann, thank you for once again giving the on-line community the gift of more secure communications in the promise of Zfone.

Jaime

01 May 2006

Information Security for Consumers

Executives in leadership roles need to have a clear understanding of the information security risks that their organizations face.  One of the most important aspects of leadership today is leadership by example.

One CxO with whom I worked strongly supported the creation of information security policies and procedures for all employees of his organization. The organization created strong, balanced, and fair security policies, one of which prohibited the use of instant messaging software applications at work. However, the CxO insisted that his laptop computer be exempt from the ban on instant messaging, so that he could communicate from work with one of his children who was attending a college in another state. The CxO failed to understand that information security was everyone's responsibility and that his actions increased the risks to the organization. The CxO failed to understand the lessons as an end user and consumer, first and foremost.

All of us, as consumers and end users, can benefit from practical information security guidance. Here are a few resources on the risks we face online.

A not-for-profit 501(c)(3) organization, the National Cyber Security Alliance (NCSA) is the go-to resource for cyber security awareness and education for home user, small business, and education audiences.   http://www.staysafeonline.org

OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.   http://www.onguardonline.gov

The U.S. Federal Bureau of Investigation's (FBI) Cyber Investigations division has practical, updated information on electronic scams (e-scams), common Internet frauds, and useful advice for parents on the dangers children face online.   http://www.fbi.gov/cyberinvest/cyberhome.htm

04 April 2006

My PGP Key - RSA Format

Dear Readers,

Below is my *preferred* PGP key for those who may wish to communicate with me in a secure manner via email.

Click here: Download jaime_chanaga_cso_rsa.asc

Sincerely,

Jaime

My PGP Key - DH/DSS Format

Dear Readers,

Below is my legacy format PGP key for those who may wish to communicate with me in a secure manner via email.

Click here:  Download jaime_chanaga_cso_dss.asc

Sincerely,

Jaime
