Future Regulation | Key Management and Payments Security Blog - Thales e-Security

Data Security and Key Management - Thales e-Security

  • How Many POS Security Documents Does One Need?

    By | August 11, 2010

    As the old joke goes, “the great thing about standards is that there are so many to choose from.” This certainly seems to be the case with point-of-sale (POS) devices, where there are now a number of overlapping initiatives aimed at improving payment card security. While this may seem unnecessarily redundant, it is important that POS vendors, retailers/merchants and financial services organizations understand how each of these initiatives relates to the others and how they can help keep sensitive information safe.

  • Has the EC got it right on data protection reform?

    By | November 15, 2012

    Earlier this year, the European Commission drew up a list of proposals for its overhaul of EU data protection legislation. Some of the new plans raised a few eyebrows, notably the ability for regulators to fine organisations up to 2 percent of annual income for serious data breaches and an obligation for companies to inform authorities of those breaches within 24 hours.

  • European data breach notification laws to affect all businesses

    By | February 22, 2010

    Keeping tabs on company data is now a greater challenge than ever before as organisations become more fragmented and store ever-increasing volumes of data, often scattered across the enterprise. Consequently, the opportunities for data theft and human error are numerous.

  • KMIP comes true

    By | September 30, 2010

    Today is an auspicious day in the world of Enterprise Key Management: voting is about to complete on V1.0 of the OASIS Key Management Interoperability Protocol (KMIP) standard and indications are that it will be ratified as a full standard shortly (we hit the required 15% vote threshold early on 29th September, none against at time of writing).

  • Thoughts on the Proposed Data Security And Breach Notification Act Of 2010

    By | September 09, 2010

    Recently, a draft data breach bill, the "Data Security And Breach Notification Act Of 2010", has been proposed to the US Senate. The bill would amend the shortcomings of existing laws and require "covered entities" to increase security regarding personal information, monitor for vulnerabilities, mitigate such vulnerabilities and follow a more defined notification protocol should a breach occur. The draft keenly demonstrates the increased importance and understanding attached to information protection at the highest levels of power.

  • Understanding the new NERC CIP standards and how they can improve security

    By | October 08, 2013

    There is no doubt that increasing the security of our power infrastructure has been a priority over the past several years. The North American Electric Reliability Corporation (NERC), whose mission is to ensure the reliability of the Bulk Power System in North America, continues to advance cybersecurity standards with the introduction of Version 5 of its Critical Infrastructure Protection (CIP) standards.

  • The Black-and-White Firewall

    By | February 10, 2011

    What’s the difference between a police car and a firewall? Not as much as you might think, it seems.
