The CTG Security Solutions team contributes to the security community through a variety of publications and public forums on security topics.

Recent events include:

  • PCI DSS Ambiguities and How to Overcome Them
    This video presentation addresses the questions that pose the greatest challenge to enterprises as they struggle to interpret the requirements; outlines recent and upcoming clarifications from the PCI Security Standards Council; and discusses strategies used in the field to reduce the complexity.

    By Ed Moyle. Registration required.

  • Straight Talk on PCI
    This PCI forum provides tactical advice on how to meet the requirements of PCI and provides practical guidance on how to integrate PCI into your overall compliance program.
    Click for Ed Moyle's presentations:
    "PCI: Setting the State for Success" (PDF 420 KB)
    "The PCI Audit: Requirements: 1-6" (PDF 432 KB) and
    "The PCI Audit: Requirements: 7-12" (PDF 180 KB)

  • Using ISO 27001 to Your Advantage
    Discover ways ISO 27001 can reduce costs, justify spending, rationalize compliance efforts, and boost confidence in your security efforts.
    By David Newell at the New York State Center of Excellence Information Security Seminar (PDF 435 KB)

Recent articles include:
  • Before Making the Leap, Check Cloud Security - and Check Your Own
    Most of us are probably familiar with safe deposit boxes—you know, the secure storage areas that banks and post offices provide to keep things like jewelry and important documents secure. Even if you've never rented one yourself, chances are you're probably familiar with the concept: a safe place where you can put important and one-of-a-kind items so that they'll be protected should the unexpected occur in your home. Ask yourself this: Is a safe deposit box insecure because it's located and accessed from outside your home?
    by Ed Moyle published in TechNewsWorld

  • Improve Morale, Improve Security
    Times of high workplace stress can often cause employees to be less productive. When morale takes a dip, IT security is put at higher risk, as some workers may become indifferent to whether they're doing their jobs properly. IT managers should look at workplace morale as one more factor affecting a company's overall security risk situation.
    by Ed Moyle published in TechNewsWorld

  • Save Yourself a Boatload of Hassle: Document
    Remember the "Scantron" sheets that you had to fill out in school for taking standardized tests—you know, the ones where you had to fill in the circle with a No. 2 pencil to mark your answer? Now imagine you're watching someone take a standardized math test—you watch as they spend 15 minutes calculating the answer to a complicated problem. Then, after doing all that, they move on to the next problem without filling out the little circle on the answer sheet. Can you imagine someone doing that on purpose?
    by Ed Moyle published in TechNewsWorld

  • Back to Basics: 5 Things IT Could Do Better in 2010
    Well, it's November again—which means that it's just about time for this year's set of New Year's predictions. Every year around this time, everyone from antimalware companies to analyst firms line up to tell us about the top IT and security trends—what they are and why we should care. This year, chances are they'll tell us all about cloud computing, virtualization and social networking and why these technologies are the new best friends for security folks in 2010. Now if you're sensing a bit of snarkiness here, you're right—I find these lists a bit frustrating.
    by Ed Moyle published in TechNewsWorld

Other Articles...

  • Why It Pays to Second-Guess Your Technology Assumptions
    One of the many pitfalls of information security is the illusion of permanence that surrounds many longstanding tools, policies and ways of doing business. Too often, the fact that "it's always been done that way" clouds our judgment and blinds us to a system's holes. To avoid that mistake, it's time to learn how to second-guess yourself.
    by Ed Moyle published in TechNewsWorld

  • The 'Visual Yield' of Information Security
    Over the holiday weekend, a family friend introduced us to a great concept we hadn't heard before: The concept of "visual yield." It's a concept that I think anybody who's ever been involved in a home improvement project can understand and appreciate—and it has more to do with information security than you might think at first blush. The premise is that not all work is created equal, at least from an impact perspective.
    by Ed Moyle published in TechNewsWorld

  • Maybe the Policy Is the Problem
    Some security policies fail because they run counter to the ways human beings are socialized to act with each other. The classic example is the "no tailgating" policy many companies set for their buildings' entrances. Our natural inclination is to hold the door for others, but the policy mandates that we have to shut it in others' faces. Policies that factor in human nature are the ones that stick.
    by Ed Moyle published in TechNewsWorld

  • Out of Sight, Out of Mind? Security and the Home-Based Worker
    As more enterprise workers do their jobs from home or while on the road, the job of the data security specialist becomes more complex. These telecommuters and road warriors operate from various locations, and it's harder for you to control how they access corporate info, some of which may be highly sensitive. Rather than wait for them to ask "may I do this?" at every turn, make your policies known in advance.
    by Ed Moyle published in TechNewsWorld

  • Beware of the Information Security Inertia Syndrome
    We all know that some things are easier to do than others. In fact, what separates an average manager from a great one is the ability to balance decisions based on two almost totally unrelated sets of criteria: ease of accomplishment on the one hand vs. value to the organization on the other. Think about it this way: A manager that only focuses on the quick-to-accomplish "low-hanging fruit" isn't going to last long because he or she is not focusing on what's critical to the organization and of the highest value.
    by Ed Moyle published in TechNewsWorld

  • Is Your Staff Making IT Audits More Painful Than Necessary?
    Audits are an inconvenient though necessary fact of life for IT departments. Having outsiders poke their noses into your organization and look for things you're doing wrong will often put staffers on the defensive. Some may be evasive or less than candid when answering questions. However, transparency and cooperation are really what get auditors out the door sooner.
    by Ed Moyle published in TechNewsWorld

  • Walking a Mile in Their Shoes: Vendor Security Questionnaires
    Regardless of whether you're on the enterprise side or the vendor side, if you've ever had to deal with vendor security questionnaires, you know what kinds of headaches they can bring. In order to get desired results and make the process less painful, try understanding where the other person is coming from.
    by Ed Moyle published in TechNewsWorld

  • It's Not as Bad as You Think
    IT security departments are far from immune to the factors buffeting the overall economy. Nobody likes to see shrinking budgets, but there may be a silver lining. When work slows down but jobs remain intact, security staffers have an opportunity for investment in the long-term: thinking strategically, building better methodologies and training staff.
    by Ed Moyle published in TechNewsWorld

  • Security ROI is Not a Myth
    Working hard at being inefficient is not a path to success. Sometimes the difference between success and failure is having the courage to walk away from the "busy work" and take the steps to make that process better. It's a lesson that we in IT—and particularly in security—all too often fail to heed. There are areas in our organizations where we spend tremendous amounts of time and money keeping up—we spend so much time and energy running in place that we have nothing left in the reserves to move forward. We're boxed in by our own inefficiency.
    by Ed Moyle published in TechNewsWorld

  • Encrypt Now to Meet New Massachusetts Data Protection Law
    Right now, most states have some type of breach disclosure notification requirement. But some folks might remember when this wasn't the norm -- when there were only a few states leading the breach disclosure charge and the rest weren't there yet.
    by Ed Moyle published in SearchSecurity.com

  • Why Risk Analysis is Like Mowing the Lawn
    Like many kids, I hated mowing the lawn. Also like many kids, I was the go-to guy for lots of family landscaping. The worst lawn to mow of all my relatives was my grandmother's: it was big, it was weedy and rocky, and she still had a push-mower. But the strangest part of mowing her lawn was the neighbor down the street.
    by Ed Moyle published in TechNewsWorld

  • Read My Lips: No New Shelfware
    As an individual, the consequence of buying something you don't really need is usually that the thing spends years sitting in a corner and gathering dust. As a company, buying something you don't need can be much more severe.
    by Ed Moyle published in TechNewsWorld

  • Yes, PCI Applies to You
    Think you don't need to be concerned with PCI compliance because you're not an e-commerce organization?
    by Ed Moyle published in TechNewsWorld

  • PCI Sample Encryption Key Management Documentation
    In the four years since merchants were required to comply with the Payment Card Industry Data Security Standards (PCI-DSS), many firms still struggle with encryption implementation.
    by William Lynch and John Adams published in Help Net Security

  • Security Freebies for a Shrinking Budget
    Managing an IT budget is never easy, and current events on Wall Street make it even harder.
    by Ed Moyle published in TechNewsWorld

  • Dark Data: What You Can't See Can Hurt You
    Many physicists theorize that the majority of the universe is made up of dark energy and dark matter—they can't see it, but indirect evidence repeatedly suggests it's there.
    by Ed Moyle published in TechNewsWorld

  • PCI Version 1.2 Clarifications: How to Get An Early Start on Compliance Audits
    Version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS) will clarify some points of contention that assessors, merchants and service providers have lived with for several years now.
    by Ed Moyle published in SearchSecurity.com

  • CSO: One Tough Job
    As an IT chief security officer, it's not enough that you do your job. You also have to build support, or else your peers will see you as a roadblock to be avoided.
    by Ed Moyle published in TechNewsWorld

  • The Part-Time CSO
    Not all businesses—and certainly not many SMBs—can afford a dedicated, around-the-clock chief security officer.
    by Ed Moyle published in TechNewsWorld

  • Security Metrics at the Grassroots Level
    Figuring out the state of your security program involves dealing with a lot of noise -- vendors, consultants, auditors and other outsiders whose message is coated with layers of personal bias and agendas.
    by Ed Moyle published in TechNewsWorld

  • Nobody Likes a Liar
    Even if it's not deliberately fibbing, a company that doesn't adhere to its own security policies is essentially dishonest—it's not doing what it said it would do.
    by Ed Moyle published in TechNewsWorld

  • Don't Panic: Accounting for Human Nature in IT Disaster Response
    IT managers often account for possible panic among personnel when they plan out disaster preparedness scenarios. However, the opposite of panic can be just as bad.
    by Ed Moyle published in TechNewsWorld

  • Tough Questions on PCI DSS: Private Networks, Self-Assessment and Segmentation
    Answers on real-world PCI compliance questions on topics including private networks, self-assessment, segmentation and more.
    by Ed Moyle published in TechNewsWorld

  • IT Auditing Shouldn't Be 'Groundhog Day' All Over Again
    Keeping records of past audits can help streamline things in terms of finding the right people and documenting how to get access to evidence, but it's only the first step.
    by Ed Moyle published in TechNewsWorld

  • The Long Haul
    We have to ask ourselves, given the reality of information security as a discipline, how can we set ourselves up to succeed strategically?
    by Ed Moyle published in TechNewsWorld

  • Future-Proofing Vendor Management in the IT Shop
    If your organization is like most, you've probably invested heavily in consolidating how it tracks, evaluates and governs third parties.
    by Ed Moyle published in TechNewsWorld

  • Designing a PCI-Compliant Log Monitoring System
    Log monitoring activities are an integral part of Requirement 10 of the PCI Data Security Standard and it can be difficult to understand how the different logging portions of Requirement 10 interrelate.
    by William Lynch published in Help Net Security

  • Risk Mitigation for Legacy Windows NT 4.0 Systems
    Arguably one of today's biggest risks for network security and compliance is lingering systems that are no longer supported by their vendors. The security flaws in these systems may have been widely known for years, as is the case with Windows NT 4.0.
    by William Lynch published in Help Net Security

Copyright CTG, 2010. All rights reserved.