Tag Archive for: standards

New industry-backed IoT security standards aim to improve device safety


New IoT security standards could make it easier to choose devices that are hardened against some of the most common vulnerabilities.

IoT covers pretty much any physical device which can be connected to a digital network. IoT devices like digital locks, smart speakers, home surveillance systems, and routers are increasingly common, but have frequently been flagged as at risk from threat actors.


Yugabyte announces CIS benchmark for YugabyteDB to elevate data security standards



First Distributed SQL Database Vendor to Complete the Benchmark

Yugabyte, the distributed PostgreSQL database company for cloud native applications, today announced that the Center for Internet Security (CIS) has published a security benchmark for the YugabyteDB database in collaboration with the Yugabyte security team. The new YugabyteDB CIS Benchmark introduces users of the open source database to security configuration and operational best practices to better protect their business-critical data, reduce the probability of data compromise, and enhance their cybersecurity posture. 

CIS benchmarks provide globally recognized best practices to guide security practitioners in effectively configuring, implementing and managing their cybersecurity defenses. Publishing the CIS Benchmark for YugabyteDB underscores Yugabyte’s commitment to enabling our customers to define, implement, and follow a comprehensive security program using their high-performance distributed PostgreSQL database solution. 

“As the digital landscape evolves, ensuring the utmost security and performance of your database is crucial,” said Maurice Olsen, Sr. Director, Information Security and Compliance at Yugabyte. “The CIS Benchmark for YugabyteDB showcases our commitment to meeting stringent industry security standards, as we provide our customers with a secure, highly performant, and resilient database, capable of safely managing a large volume of critical data.” 

CIS Benchmarks™ are consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. The CIS Benchmarks include more than 100 configuration guidelines across 25+ vendor product families. Benchmarks are created through a unique consensus-development process, where subject matter experts, security professionals, and technologists from around the world contribute to the development to help protect systems against threats more confidently.

The CIS Benchmark for YugabyteDB was a collaborative effort between Yugabyte and the…


CREST introduces global initiative to boost cyber security standards


The international cyber security arena is set to be bolstered by an open collaboration and partnership initiative, introduced by CREST, the not-for-profit, industry representative body. The initiative, aptly named the CREST Community Supporter, aims to rally various organisations toward making a tangible contribution in improving the global cyber security industry standard. Its launch in July has resulted in the enrolment of the initiative’s inaugural nine Community Supporters.

The Centre for Internet Security (CIS), Cloud Security Alliance, Cyber Threat Alliance, Global Anti Scam Alliance, Global Cyber Alliance, Global Resilience Federation, ISC2, Stott and May Consulting, and The Security Institute have joined forces with CREST for this ambitious project. Their collective mission will be to foster capability development, capacity building, and consistent collaboration—an initiative aimed at enhancing trust and resilience within the digital landscape.

CREST CEO, Nick Benson, emphasised the role of collaboration in tackling the diverse challenges plaguing the cyber landscape. He said, “I am thrilled to welcome our first nine Community Supporters. To meet the vast array of challenges facing the world of cyber we must join forces and be serious about open and effective collaboration. Developing relationships and formalising them through our supporter initiative is key to our mission, and each of these fantastic organisations will play an important role in helping us build a globally resilient cyber security industry.”

It is expected that merging the strengths of the CREST membership—made up of cyber security service providers—and the newly inducted Community Supporters will promote a unified effort. This collaboration aims to address the pressing and complicated digital issues currently plaguing the globe.

The CREST Community Supporter initiative was launched to foster partnerships with bodies and organisations committed to raising global cyber security standards in alignment with CREST’s core mission and values. Becoming a Community Supporter offers many perks, such as deepened collaboration with CREST, marketing support, discounted event entry, and more….


PCI Releases New Payment Standards for Mobile Devices



PCI MPoC Expected To Work Alongside Standard for Dedicated Payment Terminals


Payment card security group PCI Security Standards Council has a new standard aimed at allowing commercial devices to support multiple payment inputs including contactless cards and methods of cardholder verification.


The standard allows for a single device to process contactless card data and a consumer-entered PIN.

Consumers across the globe increasingly use contactless methods for payment, and Aite-Novarica estimates 37.8% global growth in such payments from 2020 to 2021. Forrester, in an annual study conducted for the National Retail Foundation, concluded that most U.S. merchants already accept Apple Pay and PayPal.

The new standard – its official name is PCI Mobile Payment on COTS, or MPoC – is aimed at payment software vendors and service providers whose solutions range from applications used for accepting users’ account data to software deployed for back-end payment data attestation and monitoring.

“This was done in direct response to the feedback we heard from our community,” said Andrew Jamieson, vice president of solution standards at PCI SSC. “The PCI MPoC standard allows for both contactless card data and PINs to be entered into the same COTS device, for the same transaction, as well as supporting the use of external card readers if those are desired.”

The new standard is quite different than the council’s previous, separate standards for PIN entry devices and contactless payment devices, Jamieson said in an email to Information Security Media…
