
Month: October 2018

FSSCC releases new tool to streamline compliance efforts

The FSSCC released a new tool intended to reduce the number of hours spent answering redundant security control questions. Like the ACAT tool, the new Cybersecurity Profile attempts to determine an institution’s risk impact level. The main difference is that the ACAT attempts to define the scale of the risk based on organization size, whereas the Cybersecurity Profile attempts to define the impact of the institution on everyone else. Much like how NERC attempts to establish a utility’s impact on the greater grid before applying controls, the FSSCC’s profile modifies some controls based on the impact assessment results.

Uncover credit card numbers with PANHunt

It’s always good to know where random credit card numbers live on your network, even if PCI compliance isn’t a concern for you. Any unencrypted credit card information should be purged from the network to prevent accidental disclosure. I have used grep and Nessus in the past for these audits, but both were lacking in their functionality. Fortunately, I recently stumbled across the PANhunt repo on GitHub.