Friday, November 12, 2010

The PCI Security Standards Council Updates PCI DSS (V2.0)

Changes are logging-focused & intended to help businesses improve compliance and security

The PCI Security Standards Council (XYPRO is a member) officially unveiled updated versions of its compliance standards, with changes meant to clarify the requirements organizations face. The changes come as a direct result of the feedback the PCI Security Standards Council has received, and should help your business with its security and compliance efforts.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The key revisions cover areas such as log management and scoping the environment to understand where cardholder data resides. In fact, the council is pushing hard for centralized logging, stating that:

“If you don’t use a centralized logging facility your auditors will have to look in more places, and chances are, if they have to look in more than one place... you’ll wind up missing some of this stuff. It is a proven fact that every time we find a breach, it’s always found in the log.”

This change also coincides with HP including XYGATE Merged Audit Software with every new NonStop server order.

The centralized NonStop audit data can also be sent off-box to a centralized logging facility such as HP's CLW and ArcSight offerings, meeting the centralized logging facility requirement at the enterprise level.

There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances, as well as changes designed to appeal to small merchants and simplify their compliance efforts.

The new versions will become effective Jan. 1.

For more information about the XYGATE Solution, visit www.xypro.com.

Wednesday, November 3, 2010

CTUG 2010

The much-anticipated CTUG (Canadian Tandem User Group) has come and gone and, as expected, was a great success for all in attendance. Content for this year’s event was excellent, with a great update from Randy Meyer on the state of HP NonStop, growth, and technology advancements. It is always great to hear from the proverbial “Horse’s Mouth” and also reassuring that HP NonStop is not only surviving, but thriving!

Naresh Bangia of AJB Software delivered an interesting and informative presentation on the exciting results of their port of .NET to NonStop, with a “live” demo which included a “drag and drop” example of NonStop code to Windows that executed perfectly on both OSes! All this with a weak signal on a mobile wireless internet stick that required some comedic and creative physical positioning within the conference room to maintain connectivity.

Jim Johnson of the Standish Group also presented on their recent paper “Roadmap to the Megaplex”, covering the overall CTUG theme of Modernization, and showed just how profitable modernizing applications and utilities can be.

As always, the Q and A session highlighted some interesting facts and brought up many discussion points. Dick Bird, Michelle Bates, and Randy Meyer all provided answers which inevitably led to more questions. The end to the Q and A session was achieved only by the enticement of the much-anticipated CTUG prize draw, where all 20 partners who participated in the “Passport to Prizes” program, HP Canada, and CTUG had donated fabulous gifts as appreciation to those attending the event.

XYPRO was among the 9 partner presentations which were held throughout the day and Kevin Boham provided modernizing insight on Security for the NonStop to an attentive and interactive audience.

CTUG and XYPRO were glad to welcome the out-of-province attendees from Quebec as well as the many faithful and new from Ontario. Their attendance from near and far indicates the continued need for NonStop events such as CTUG. With attendance nearing 140, CTUG had exceeded its capacity and was glad the fire marshals didn’t pay an unexpected visit.

The day’s closing reception also kept the majority of attendees into the evening for some socializing, good food, and drinks to cap off an excellent day.

More indicative of the continued commitment to NonStop was the record attendance for the education day where CTUG had 44 registered students for a one-day class on Java Servlets/NSJSP in the NonStop.

As a CTUG board member as well as a Partner for the event, I now have the short-term opportunity to decompress after months of planning and executing. …short-term as XYPRO is planning their next attendance at a regional event… NENUG in the Boston area on November 9th.

Barry Forbes

XYPRO Technologies, Director of Sales, Eastern USA and Canada
President, CTUG