Mobile and BYOD can increase productivity and agility, but can also allow end-users (or malicious users) to poke a thousand little holes in an organization’s defenses. Gaps or oversights in policy, process, training, and awareness can leave your company open to an unacceptable level of risk.
Getting past "fear-based" budgeting and focusing on the true cost of a breach can help management see security as something other than a "cost center". Here's some tips on how to make a business case for IT security.
Recently, the PCI Security Standards Council provided QSAs with a preview of some upcoming changes to the Data Security Standard (DSS) regarding the use of Secure Socket Layer v 3.0 (SSL) and its suitability for protection of payment card data; since then our QSA team has been awaiting an official pronouncement to clarify the scope and impact of the proposed changes.