Author: Gao Xiangdong (高向东)

1 Preface
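In line with the PCI Security Standards Council's (PCI SSC, hereafter "the Council") update cycle for the Payment Card Industry Data Security Standard (hereafter "PCI DSS"), and with the development of the information technology industry, PCI DSS v3.2 was officially released in April 2016. As a periodic release, this version mainly refines the requirements of the standard based on the feedback collected at regular community meetings while PCI DSS v3.1 was in use; it does not introduce major changes. PCI DSS is a set of security standards, covering all aspects of data security, that the Council developed to address the security risks that may exist in the cardholder data environment.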


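This article interprets the main changes in the new version by looking at the differences between the new v3.2 and the old v3.1, so that readers can quickly understand and grasp the main aspects of the change. Readers who want to see every change can find the full details in "PCI_DSS_v3-2_Summary_of_Changes" and "PCI_DSS_v3-2", both available on the PCI Council website.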

On April 28, 2016, v3.2, the latest version of the Payment Card Industry Data Security Standard (PCI DSS), was officially by the PCI Security Standards Council (


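Authors: Chen Yabin (陈雅彬), Gao Xiangdong (高向东) (atsec China)
April 2016

This is a technical-sharing article by atsec and the authors, intended to jointly explore topics relevant to the information security industry. Without permission, no organization or individual may modify any content of this article in any way or for any reason. When reposting, please credit: atsec information security and the authors' names.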

In 1990 ISO/IEC JTC 1 subcommittee 27 was formed in order to deal with ICT security. Not long afterwards SC 27 initiated Working Group

For several years the value of conformance testing against the FIPS 140-2 specification has been well accepted, and the assurance gained through validated conformance has been specified (with varying degrees of rigor) in several other markets. For example:
  • Other governments that recognize the assurance provided. Most noteworthy is Canada, which partners with NIST in operating the CMVP as a joint endeavor between NIST and the Communications Security Establishment of Canada (CSEC). There are examples of others, such as the Japan CMVP, which is part of the Information-technology Promotion Agency (IPA). They developed and operate a validation program (similar to that used in the US and Canada) in support of procurement in compliance with the Japanese Standards for Information Security Measures for the Central Government Computer Systems.
  • Several Common Criteria national schemes who may often draw fr

Tags: atsec, incits

atsec information security corporation's Vice President of Business Development, Fiona Pattinson, has been recognized today by the International Committee for Information Technology Standards (INCITS) for outstanding technical contribution to the development of Cyber Security Standards in their CS1 Committee. During the INCITS meeting in Tampa, Florida, Fiona Pattinson was presented with a prestigious Technical Excellence Award in recognition of her long-term contribution and dedication to the development of International and National Standards.

Fiona Pattinson receiving the award

Recognizing the need for secure IT products in all regions of the world, and in support of an internationally agreed Arrangement allowing for the mutual recognition of independently evaluated and validated information technology (IT) products, the Vatican has decided to sign the ISO/IEC 15408 International Recognition Arrangement (I2RA) and has started to validate the security evaluations of IT products.

Vatican City

The I2RA was established in 1996 and was used as the basis for mutually accepting certificates for the assurance of IT products. At that time it was in competition with another arrangement c


Cryptographic Algorithm Validations

The Cryptographic Algorithm Validation Program (CAVP) is an organization that is managed solely by the National Institute of Standards and Technology (NIST). Information about the CAVP scheme, including the official validation lists, can be found at NIST's web page for the CAVP.

The CAVP certifies that certain algorithms and related security functions are implemented correctly through testing supervised by accredited testing laboratories using test vectors. This testing supports verification of the correctness of the algorithm implementation.

The CAVP was instigated to provide assurance that cryptographic algorithms are implemented correctly in cryptographic modules. NIST statistics have indicated that close to 26% of algorithms tested showed errors in implementation that were corrected as a r


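Dear Madam/Sir:

On March 23 and 24, 2016, the Payment & Clearing Association of China, VISA and atsec will once again jointly hold a seminar on payment technology and information security. The details are as follows:


■ Target audience:

Heads or key staff of the technology and information security departments of commercial banks and payment-industry organizations. The seminar will have about 200 participants.


■ Main topics:
1. People's Bank of China requirements on mobile finance technical security specifications
2. New trends in global payment risk and payment security strategies
3. Developments in the global payment card security industry
4. Data security protection mechanisms in the payment industry
5. New technologies for protecting payment accounts
6. Comprehensive information security assurance for the financial industry
7. Mobile payment transaction flows and risk prevention


■ Instructors:
Experts from Zhongjin Guosheng (中金国盛), VISA, atsec and other organizations.


■ Time and venue:
Time: March 23, 9:00-17:00; March 24, 9:00-16:30
Venue: Multi-function Hall, 3rd floor, Building B, 中国职工之家 (No. 1 Zhenwumiao Road, Xicheng District, Beijing; tel: 010-68576699)


■ Registration:
Places at this seminar are limited and are allocated in order of registration until full. Please fill in the attached registration form and submit by email the participant's name, contact details and organization name. Once registration succeeds, you will receive a confirmation email. If the places have already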

(2016-03-02 12:45)
Tags: atsec, flash

I'm not exactly sure what to say about this...

 


