Discussions about PCI-DSS rules this year have focused on how effective the guidelines really are at preventing theft of credit card data. Recent survey data indicates merely following PCI does not protect a wide range of protected data.

In the newest episode of the eIQcast, eIQneworks Product Evangelist John Linkous provides an update on PCI compliance and how far it goes to actually keep credit card data secure.

Running time: 10:38

In this episode of the eIQcast, Mike Rothman dives into the nuances of file integrity monitoring and why it's an important aspect of both security and compliance. One of the first things an attacker is going to do is mess around with system files, so having some mechanism to ensure that system files, registry values and the like aren't tampered with is a big part of "reacting faster" to potential security issues.

Mike also discusses how eIQ's SecureVue security and compliance management platform provides this capability through it's newly updated agent technology, continuing to show technical innovation beyond simple security information and event management (SIEM) and log management solutions.

Running time: 10:41

In this latest episode of the eIQcast, eIQnetworks SVP of Strategy Mike Rothman discusses some of the challenges of cloud computing with Ross Levanto. Mike goes into the issues of maintaining visibility when networks and systems reside in someone else's datacenter, and some of the mechanisms eIQ is adding to SecureVue to help customers address this issue.

This coincides with the recent announcement from eIQnetworks regarding security and compliance management in the cloud. Check it out on http://www.eiqnetworks.com.

Running time: 11:40

This past Monday the U.S. Justice Department charged 28 year-old Albert Gonzalez with a series of crimes that resulted in the theft of more than 130 million credit and debit card numbers from late 2006 to early 2008.

The indictment places blame for several high-profile data theft incidents on a small group of individuals who found holes in websites used to transfer the credit card data. Basically, these folks have to be the best hackers out there if they were behind every high profile data breach of the past two years.

In the latest episode of eIQcast, Security and Compliance Evangelist John Linkous reviews the charges, talks about how retailers and consumers can protect themselves, and notes how the crime was carried out by exploiting a well-known (and extremely easy to replicate) web site security weakness.

eIQnetworks Senior Vice President of Strategy Mike Rothman just returned from Black Hat USA 2009 in Las Vegas, which took place from July 25-30, 2009. Mike has been to Black Hat many times, and the more things change, the more they stay the same. The presentations all lead to same conclusion: No matter who you are, where you are or how secure your network is, you are vulnerabile.

In the latest episode of the eIQcast, Mike discusses his thoughts about the latest Black Hat show, the leading attack vectors (like SSL, iPhones, and web apps), and other assorted topics with Ross Levanto.

According to published reports, one of the anticipated sessions at the upcoming Black Hat conference will show vulnerabilities within smart metering technologies that certain utilities are deploying to make the electricity grid more intelligent-- from energy production through consumption.

The big question is whether the vulnerabilities would put utilities out of compliance with energy industry regulations regarding security.

In the latest episode of the eIQcast, Ross Levanto asks eIQnetworks Product Evangelist John Linkous for a review of what we know about the vulnerabilities and the current state of security compliance within the energy industry.

As noted in the previous post on eIQviews, the results of spring surveys show that security spending is down. While that's not exactly a surprise, it puts security managers in a pickle. Given the economic situation, how are they to keep their systems secure and compliant, especially since the regulations haven't change and the hackers don't take time off during a recession? That question is the subject of the latest episode of eIQcast, where Ross Levanto interviews eIQnetworks senior vice president of strategy.

Running time: 10:46

Since Your Working Toward PCI Compliance, Why Not Try to Make Your Enterprise Secure, too?

Events in 2009 provide further proof that PCI compliance is not enough to secure credit card information, yet PCI compliance is a major driver of technology purchases each and every day.

If the need-to-have products for PCI compliance are not enough for security, what are the nice-to-have products that can make an enterprise far more secure?

In the latest episode of the eIQcast podcast series, Ross Levanto asks eIQNetworks Product Evangelist John Linkous for his thoughts on the question. In the process, they discuss the features and functionality that IT and security teams can investigate as part of PCI compliance projects to greatly enhance the security of their systems.

During one of the most hyped keynotes at the recent RSA conference, President Obama's "cyber-security czar" Melissa Hathaway outlined at a high level plans for improved security within the federal government.

In the latest episode of eIQcast, Host Ross Levanto and eIQnetworks Product Evangelist John Linkous analyze Hathaway's comments and the industry's reaction to them. The report Hathaway recently completed and sent to the President has not been made public; it's expected that many of her recommendations will emphasize the need for ongoing monitoring of networks and security controls, as well as the need for the White House to step up its management of IT security across the entire government.

Editor's note: This episode was recorded on Friday, May 1, and therefore references the RSA Conference that ended on April 23.

Running time: 10:57

Recently the folks at Verizon Business released their annual data breach analysis report. From the RSA 2009 show, Ross Levanto and eIQ Product Evangelist John Linkous discuss the findings and help interpret what issues are identified by looking at the report.

Running time: 9:53