What is ISO 17799, ISO 27000, PCI Credit Card Standard

For my System Security class we get to learn about ISO 17799, ISO 27000, and the PCI Credit Card Standard. When I first started looking up information about 17799 and 27000 I was a bit overwhelmed and confused by the information that is out there on the web. I felt much like I was trying to memorize a chart like this:
Now I understand a bit better why there are so many software applications and businesses built around helping other businesses become compliant with these security standards.

So what are the ISO 17799, ISO 27000, and PCI Credit Card Standards?
They are a set of standards set forth by the International Organization for Standardization to ensure that consumer and customer data is kept safe. The ISO.org site says that ISO 17799 “contains best practices of control objectives and controls in the following areas of information security management:

security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management, compliance.”

In simple terms this means that businesses and organizations need to:

  • Make rules to protect their stuff and your data
  • Actually protect their stuff and workers
  • Keep others from stealing from them
  • Keep things maintained and running well
  • Keep the business running smoothly for customers
  • Make sure they are doing everything on this list correctly

I found it funny that ISO 17799, according to Wikipedia, is a word-for-word copy of British Standard 7799-1. ISO 17799 was later updated and renamed ISO 27002 to keep it current and grouped with the similar documents numbered in the 27000 series.

You can download the official ISO 27000 document from the ISO website if you’re so inclined to read it or need it.

PCI Credit Card Standard

The PCI Credit Card Standard is a document outlining a minimum standard that businesses taking credit card payments must meet to ensure the safety of their customers and the associated data. The current standard covers 6 areas:

  • Have a secure network
  • Keep cardholder data safe
  • Keep systems up to date and secure
  • Use good passwords and other access restriction measures
  • Watch the network for failures and intrusions
  • Have a plan

What’s interesting to me about the PCI credit card standard is that it isn’t issued by an organization with multi-national participation. It is run and enforced by the major credit card companies. If vendors aren’t compliant then the credit card holder is vulnerable, and that isn’t good for the credit card company because its customer will get hurt. In order to keep their good name and their customers, the credit card companies have set up a standard in the hope that their customers and money will be better protected. If a vendor isn’t compliant, the credit card company often fines the vendor or quits doing business with them completely.

I think security standards are good in that they push those who don’t care, or who aren’t thinking about security, to do something about it. The downside to having security standards is that they create an easy resting place for companies. It makes it easier for them to say, “I’m compliant so I don’t have to do any more than this”. I think they can also misguide sometimes, if the group making the standard focuses on a risk in one place while an even greater risk elsewhere ends up getting less attention.

Disclaimer:

This post is for a school assignment and I do not claim to be an expert by any means. I was assigned a topic I knew nothing about and tried to make sense of it and share what I learned in simple terms.

Resources:

http://www.noweco.com/risk/riske13.htm

http://www.pbandsp.com/tools/iso.html

http://en.wikipedia.org/wiki/ISO/IEC_17799

http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

http://www.pcicomplianceguide.org/

http://www.computerworld.com/s/article/102913/Credit_card_data_security_standard_goes_into_effect

http://en.wikipedia.org/wiki/ISO/IEC_27000

Thoughts on Personalizing the Web Browsing Experience

Dave Kearns of Network World recently wrote an article titled “Personalizing the Web browsing experience” where he talked about what he had recently learned from Kynetx and shared his excitement for the future of context sensitivity. I thought it was a good article and wanted to share my thoughts in reply to his article.

“It’s really exciting to think about all the possibilities there are when you can create applications that act proactively based on contextual information that is available. Because the ability to create a contextually sensitive experience is so new we are only seeing applications that are scratching the surface. We are in, what I like to call, the “baby sitting in a highchair throwing Cheerios” stage. As the concept of building a contextual experience grows and the technology that facilitates that spreads, we will see amazing applications that will blow our minds. The funny thing about all of this is, we will eventually look back on these times and wonder how we ever got stuff done without context sensitivity.”

Geek and Poke Meets Kynetx

One of my co-workers recently tweeted, “I really want to know how I missed this web comic. Hilarious!! http://bit.ly/7das6F”. That got me thinking about how much people miss from their favorite comic sites, or any site on the web for that matter. Of course you can subscribe to RSS and get all their updates, but those who valiantly use and keep up with their feeds know how quickly it can become overwhelming. But what about all of the people who like sites or products but don’t know how to set up an RSS reader, or who just don’t want to? How do you get your content to those people all the time without them having to type in your URL?

With Kynetx!!

With Kynetx you can customize the user’s experience on your website AND ANY OTHER WEBSITE YOU DESIRE!!

Are you getting excited yet? Are you listening or paying attention?! Are you thinking about the possibilities??!!!

In this example, if a user really loves the comic “Geek and Poke”, why not make the content available to them anywhere they go on the web in an unobtrusive manner? In fact, if you do it well, the users will be giddy with the results and love your product even more! It’s a little known secret that people actually like advertising. THEY DO! People love to buy stuff! What people actually hate is irrelevant and irritating ads that are in their faces. I took 3 sites and customized the user’s experience based on the context that they really enjoy the comic “Geek and Poke”.

  • Google.com
  • CNET.com
  • CNN.com

Here are the after and before screenshots of what the user will see as they visit these sites.

Geek and Poke on Google.com

Geek and Poke on CNET.com

Geek and Poke on CNN.com using Kynetx technology

All the user has to do is download an Information Card into their Card Selector on their computer!

Check out this presentation by Kynetx to learn a bit more. (Make sure you watch it full screen. It looks much better!)

If you would like to try it out for yourself, drag this bookmarklet to your bookmarks bar: Geek & Poke or click to download the information card below to your card selector.

Geek and Poke Information Card

Just visit any of the three sites with the card installed, or click on the bookmarklet while on that page, and you too can see the magic happen. ; )