To protect against dangerous hacks that can lead to thefts of business data or customer identities, best practices are set forth in the Payment Card Industry Data Security Standard (PCI DSS). These 12 steps set up a framework for a secure payment environment.
Managing security requirements from early phases of software development is critical. Most security requirements fall under the scope of Non-Functional Requirements (NFRs). In this article, author Rohit Sethi discusses how to map NFRs to feature-driven user stories and also how to make security requirements more visible to the stakeholders.
Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.
Security concerns plague cloud consumers so how should these concerns be addressed? This article introduces the basic principles and patterns that should guide a cloud security architecture.
Answering: What are the cloud computing benefits, public or private clouds, providing infrastructure or a platform, how can a client enforce regulatory compliance, and others.