The UltraTech Zone

It has been a busy month or so for information security.  Apple has patched a vulnerability that was showcased in a recent hacking contest, Microsoft has released a major set of fixes in its most recently Patch Tuesday, and and Oracle (which now owns Sun) has not yet committed to patching a Java vulnerability on Windows that has been ...

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?”, and it highlights a common misconception about the role of auditing and auditors in the compliance process. The article is a follow-up to an interview with the CEO of Heartland Payment Systems ...

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?” , and it highlights a common misconception about the role of auditing and auditors in the compliance...(read more)

The more things change, the more they remain the same. Almost exactly two years ago, I posted an article about the general organizational obsession with regulatory (or industry) compliance, at the expense of proper information security.  Just today, I read an article on the CIOzone that asks: Does PCI Compliance Work? The point being made ...

Does fulfilling your regulatory compliance requirements actually lead you to be more secure?  Will your organization automatically attain compliance by pursuing a strict regimen of security practices? In short, is the quest to be compliant complementary, unconnected or mutually exclusive with the quest to be secure? This is the heart of a ...