Here are some more information for Universal Pci:

Information Security & Compliance "Made Easy"

There is no mystique about Information Security and Compliance. Most of what you are told by many security specialists would not lend you to believe that Security & Compliance is something that anyone can understand (Common sense plays a big part).  We (security specialists) tend to throw out the typical buzz words to dazzle those with whom we are speaking with, such as: Mitigation, Vulnerabilities, Risks, End Point Security, Perimeter defenses, BCP, DRP, VPN, IPSec, Encryption, IDS, IPS, Firewalls, Anti virus, Worms, Routers, Switches and so on………………. In a room full of security geeks this is fine, but in a room of doctors, lawyers, business executives it just doesn’t fly. They just want to know that they are protected from all the bad people. As a security specialist you are expected to show senior executives what types of risks that can impact their environment and level of probability with a bunch of charts and pictures. Present an assessment of where they stand today. Show a staged plan for remediation of those risks that are impacting and progress reports (score cards) on a monthly basis of your remediation efforts.  Keep everyone informed (Open line of communication).  But the most important thing is to show business leaders WHY they need to have a security program in place. HOW it will affect them not only from a regulatory obligation but also from a business reputation standpoint. Word spreads fast if your business is compromised by outside or inside attacks.

Where do I start?

With a competent security leader in charge, he/she will be able to create a security program using multiple certified  frameworks (there is no magic involved). Competent is someone who understands security from both a strategic and tactical approach. This person needs to have both a business and technical aptitude as it relates to security mitigation controls (hardware, software) along with procedural and policy driven controls for data security.  Does this person need to be a college graduate from an accredited university in computer science? NO! This need’s to be someone who has been in the field of technology; Operational infrastructure, Network Controls. Someone, who at one time touched these structures and understands fundamentally the functions of both the hardware and the application side of Information Technology, along with an understanding or Compliance (regulatory requirements) such as; HIPAA, PCI, GLBA, SOX.  And, if this person happens to have a college degree on top of this, then that is considered a plus and not a first requirement. 

There are many frameworks that are industry certified to help define your level of security risks in regards to types of risks you may be susceptible too.  Frameworks such as ISO27001/2, BS17799-1/2 are key to helping you build your security program and sustain a level of confidence when it comes to data protection.  These frameworks cover areas of: Security Policies, Organizing information Security, Business Continuity Management, Communication and Operations Management, Compliance, Physical and Environmental Security, Asset Management, Human Resources Security, IS Incident Management, Information Systems Acquisition/Development and Maintenance, Access Control.

What does it take to understand my business environment as it relates to security risks and required protection?  How do I succeed?

One key element for determining risk to your data is to ‘KNOW YOU DATA!’

Without elaborating on how to know your data (Data Classification), this alone is a topic for another session, but one that is key to Data Protection.  I will touch upon this topic briefly (my paper on ‘The Plan Before The Plan’ details the need for data classification).

Data is an asset.  It has value. It therefore follows that somebody must own it.

For example, the Federal Financial Institution Examination Council (“FFIEC”) guidelines state that data classification should be an element of an enterprise’s risk assessment process.  Other examples abound, and are continually growing in number.  Virtually every organization has some obligation – from one or more regulatory sources -- to ensure that stored data is protected from deliberately or negligently unauthorized disclosure, misuse, or modification.

Such mandates help when identifying the relative value of data.  Every organization must find ways to deploy its resources to protect data.  And you must always make choices: The higher the value, the higher the risk to your organization if that data were to become nonrecoverable.

The reason that most industries are in panic mode for protecting their data, is because of regulatory controls that are driving data protection. If you are in the finance business, along with SOX, you may be held to the GLBA (data privacy) and PCI(Payment card) requirements of how consumer data is to be safeguarded. There are specific controls around PCI alone that are mandated by Visa/Master Card that if not met can result in stopping you from processing Credit Card transactions. PCI has what we call the Dirty Dozen controls list of requirements. Each one of these controls have unique requirements on how you process and store consumer data.  If you are in Health Care in anyway shape or form(Hospital, Business Associate, Doctors Office, Medical billing vendor), you may be held to the HIPPA requirements for protecting patient data.

It all comes down to protecting the data. No matter the industry. If there are regulatory requirements that are the drivers or corporate mandated controls, the same types of mitigation processes will do the job. Buying hardware and software to mitigate against internal and external compromises is the easy part. The hard part will be changing your culture. We don’t do things the same as we did 20 years ago. The business changes and the level of risks also increase. A strong governance body is needed to drive the enforcement of security. Without this piece, there is no need for a security team.  

About the Author

Peter Gallinari, CHS III, has 32 years experience in information technology in such diverse industries as healthcare, publishing, and financial services; and was a member of the GNYHA Committee (NYCLIX). He served as Chief Security Officer of GE Capital, managed its IT Division, and headed up its Business Continuity and Disaster Recovery. He holds several security certifications from SANS Institute, ICS(2), and American College of Forensic Examiners for Homeland Security. He also holds certificates in Six Sigma and disaster recovery disciplines. Peter is famous for a song he wrote and performed for the victims of the Indonesian tsunami disaster, Oklahoma Disaster, Virginia Tech Shootings. He has performed with members of KISS, Toto, Leslie West & Mountain, David Letterman Show (Anton Fig, Vanilla Fudge (Carmine Appice), Blue Oyster Cult (Joe Bouchard), Alice Cooper (Dennis Dunaway) and many others.
Contact: Songtyme@aol.com

Can AGP cards work on Motherboards with PCI-E version motherboards ?

I got an ATI Radeon x1650 PRO (VPU) video card and its a agp.

It can't be both. Look at it: it's like this http://en.wikipedia.org/wiki/Agp or like this http://en.wikipedia.org/wiki/PCI_Express .
Next look at the motherboard of your pc and compare the slots with the photos

v-GO SSO Integrates with Microsoft Forefront Identity Manager 2010, Enabling Single Sign-On Access to All Applications
NEW YORK----Passlogix®, Inc., today announced the integration of v-GO® Single Sign-On ™ and related components of its v-GO Access Accelerator Suite with Microsoft Forefront Identity Manager 2010, the recently released successor to Identity Lifecycle Manager 2007.

Thanks for visiting!