Nettitude Blog

Penny Lewis

Recent Posts

PCI Council Releases Version 2.0

Posted by Penny Lewis on Oct 28, 2010 5:16:55 PM

Feedback from global stakeholders shapes revisions; new standards and website ease implementation for merchants.
WAKEFIELD, Mass., October 28, 2010 — The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today released version 2.0 of the PCI DSS and PA-DSS. Reflecting input from the Council’s global stakeholders, this latest version is designed to provide greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants. Version 2.0 becomes effective on January 1, 2011.
The updated standards were the main topic of discussion at the Council’s Annual Community Meetings in Orlando, Florida and Barcelona, Spain where, in the last stage of the lifecycle process, stakeholders had the opportunity for final review of the standards. More than 1,500 people from 600 organisations around the world participated in these gatherings, adding to the thousands of pieces of feedback the Council received from merchants, banks, processors and the PCI community throughout the development process.
A summary of changes to the standards was shared with the market prior to the release, highlighting the main types of revisions that include clarifications, additional guidance and evolving requirements.
Version 2.0 does not introduce any new major requirements. The majority of changes are modifications to the language, which clarify the meaning of the requirements and make understanding and adoption easier for merchants. Key revisions serve to reinforce the need for a thorough scoping exercise prior to assessment in order to understand where cardholder data resides; promote more effective log management in securing cardholder data; allow organisations to adopt a risk-based approach when assessing and prioritising vulnerabilities that is based on their specific business circumstances; and accommodate the unique environments of small merchants to simplify their compliance efforts.
The standards, detailed summary of changes and supporting documentation can be found at https://www.pcisecuritystandards.org/security_standards/documents.php.
"The nature of the changes is a testament to the strength and growing global maturity of the standards as a framework for securing cardholder data," said Bob Russo, general manager of the Council. "I want to thank each and every individual and organization who contributed to the development of these standards. It’s their input that’s critical in making the PCI Security Standards an excellent baseline for protecting payment card data."
In addition to the standards documents, the Council has also launched a new website with updated materials and navigational tools aimed at providing its diverse stakeholders with the targeted information they need to understand the standards and how to apply them in their organisations. As part of a broader initiative to help small merchants develop their PCI security programs, it also includes a dedicated site for this key group with resources to address their unique environments.
The release of version 2.0 begins the new three year lifecycle for standards development, which streamlines the development process by aligning DSS, PA-DSS and PTS on a similar three year schedule. The lifecycle also allows for minor revisions or errata to be issued throughout the cycle as necessary.
The new standards are effective January 1, 2011, but validation against the previous version of the standard (1.2.1) will be allowed until December 31, 2011. This gives stakeholders more time to understand and implement the new versions of the standards as well as provide feedback throughout the process. However, the Council encourages organisations to transition to the updated version as soon as possible. From January 1, 2012 and moving forward, all assessments must be under version 2.0 of the standards.
The Council also invites Participating Organisations and the public to a webinar that covers the updated standards in greater depth, followed by a Q&A session with representatives from the Council’s Technical Working Group. Registration details can be found here:
November 9, 3:00 p.m. ET / noon PT (Participating Organizations only)
November 11, 11:00 a.m. ET / 8:00 a.m. PT (Participating Organizations only)
November 16, 3:00 p.m. ET / noon PT
November 18, 11:00 a.m. ET / 8:00 a.m. PT
For More Information:
For more information on the PCI Security Standards Council and how to become a Participating Organisation, please visit www.pcisecuritystandards.org or contact the PCI SSC Secretariat at secretariat@pcisecuritystandards.org.
About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security.
The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and other vendors are encouraged to join as participating organisations.

Read More

Topics: News, Uncategorized

Book NOW For PCI Security Seminar!

Posted by Penny Lewis on Sep 14, 2010 5:20:33 PM

Nettitude (www.nettitude.co.uk) is hosting a PCI seminar in conjunction with the PCI Council, and security partners nuBridges and Commidea. The event will take place on Tuesday 26th October from 9am at the Hilton Metropole in Birmingham, at the National Exhibtion Centre (NEC).

Read More

Topics: News, Uncategorized

Nettitude Secures Earls Court IT Deal

Posted by Penny Lewis on Sep 1, 2010 5:24:20 PM

Nettitude (www.nettitude.co.uk) has secured a one-year rolling contract with London exhibition and conference centre Earls Court and Olympia (EC&O).
Nettitude will support the venues IT infrastructure including services such as core networking; security; and wireless capability across the four-site complex.
Nettitude has worked with EC&O since 2003 and the latest contract acts as a one-year renewal of its services.
Nettitude Sales Director, Martin Watts said: “This contract win represents an important stage in the development of Nettitude - with yet another high profile project endorsing our capability to work to the very highest of standards and demonstrating our national presence within the UK. We are also delighted to work in partnership again with our colleagues at EC&O.”

Read More

Topics: News, Uncategorized

Nettitude & Coventry University Team-Up To Fight Cybercrime

Posted by Penny Lewis on Aug 1, 2010 5:27:14 PM

Graduates starting-out in any industry might find it difficult to get a job in the current economic climate, but for the graduates of information security, securing employment is almost impossible without them gaining the necessary work experience employers insist on. With this in mind, leading IT security specialists and high standards employer, Nettitude (www.nettitude.co.uk), has team-up with UK based Coventry University to help companies fight cyber crime and create the ultimate career ready graduate.
In 2008, Nettitude first began to work with the Department of Computing & the Digital Environment at Coventry University. It was the University’s unique courses in BSC Ethical Hacking and Network Security and MSC Computer Forensics that captured CEO Rowland Johnson’s attention.
“Coventry University offers some very strong Information Security courses, with a real application to many of the things that we do in our Compliance and Security Testing divisions. If we can help graduates to get there first step on that career ladder, along with much needed exposure to the security industry then we are keen to be involved. All of our interns and graduates are closely supervised and mentored so that they can gain some real world experience without actually working on live client environments.”
At the moment Nettitude has interns working within the business and is currently employing former students from the University's Computing department.
Twenty-one-year-old intern student Tim Nursall said: “I was delighted to be accepted onto the Nettitude internship programme. I had heard good things about the company through the industry and the university, so I didn’t hesitate to apply for the post. In order to get the trust of any company you need to have industry work experience and I am grateful to Nettitude for investing in me.”
The growth of the internet and networked computers has led to a revolution in information processing and electronic transacting. Unfortunately with this growth opportunities for electronic crime and computer misuse have arisen. There is a growing need for specialists in this area to work in companies advising on security requirements or to work with law enforcement. An emerging field is ethical hacking where companies test the strength of their security defences by employing specialists to try to break into their systems.
Coventry University is one of only a handful of further education centres in the UK that offers courses of this kind, however that figure is on the rise thanks in part to the internet and networking - but sadly with progress has come crime and abuse of the technology.
Senior lecturer Brian Moore from Coventry University said: “Our students are taught the ethics of preventing crime and how to be professional at what they do. I am pleased to say our graduate recruitment figures are extremely positive; however graduates looking to enter into the industry can sometimes be discouraged due to the lack of positions available to them if they have no trusted work experience. It is thanks to companies like Nettitude, who take on students preparing them for the real world and help to ignite their careers by putting their studies into practice.”

Read More

Topics: News, Uncategorized

Nettitude Achieves ISO 27001 Security Standard

Posted by Penny Lewis on Jul 5, 2010 9:45:14 AM

IT security firm Nettitude (www.nettitude.co.uk), today announced that it has received the ISO 27001 certification (International Standards Organisation). Nettitude was awarded the certification by the British Standards Institute (BSI), earning one of the highest certifications from one of the world’s leading management systems registrars.

Read More

Topics: News, Uncategorized

Nettitude Gets Crest Seal Of Approval

Posted by Penny Lewis on Jul 1, 2010 9:49:47 AM

Leading IT security specialist, Nettitude (www.nettitude.co.uk) is delighted to announce that it has been accepted on to the Council of Registered Ethical Security Testers (CREST).

Read More

Topics: News, Uncategorized

Investing In The Future Of Nettitude

Posted by Penny Lewis on Jul 1, 2010 9:47:40 AM

IT security firm Nettitude Ltd (www.nettitude.co.uk), has been officially recognised as an Investor in People accredited company.

Read More

Topics: News, Uncategorized

Nettitude Achieve Cisco Advanced Unified Communications Certification

Posted by Penny Lewis on Jul 21, 2009 9:51:43 AM

Nettitude (www.nettitude.co.uk) announces that after extensive work in conjunction with Cisco Systems, it has been accepted as a specialist Advanced Unified Communications partner

Read More

Topics: News, Uncategorized

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Our experts use an award winning Threat Intelligence led approach that incorporates real-time data, ensuring that your company is protected at every stage of its journey.

Receive an update when we post!

Recent Posts