I subscribe to Redmond Security Advisor and eEye Digital Security. And out of curiosity, where are you getting this being required for pci? Is it from the business itself or a pci requirement?
Who do you use to verify your pci compliance? They should have a security email list. We use Trustwave I think it's called, they do an external scan monthly on our ip addresses and report any vulnerabilities to us, and we also get security information emails from them. We also use Websense for internet monitoring/filtering/blocking and they have a very good email list for security alerts and such. And lastly, this list right here is an excellent source for security risks/quesions/alerts etc etc. A lot of the time when some new risk is discovered/revealed, I find out about it from this list first, then within a short time, some of the others that I subscribe to are sending out emails about it. On Tue, Aug 18, 2009 at 7:50 AM, Ralph Smith <[email protected]>wrote: > You could sign up for alerts from the National Cyber Security Division’s > Computer Emergency Readiness Team: > > > > *http://www.us-cert.gov/cas/signup.html* > ------------------------------ > > *From:* Benjamin Zachary - Lists [mailto:[email protected]] > *Sent:* Tuesday, August 18, 2009 2:47 AM > *To:* NT System Admin Issues > *Subject:* security updates/bulletins > > > > > > On our new pci requirement they want the staff to be on some security > update lists. I went to cisecurity.org and sans.org and didn’t see > anything special. I used to be on ntbugtraq and I suppose I could sign them > up for the Microsoft ones (they are 100% MS shop), just wondering what else > people are following in these areas. > > > > Thanks > > > > > > > > > * > > Confidentiality Notice: > > ****************** > > This communication, including any attachments, may contain confidential > information and is intended only for the individual or entity to whom it is > addressed. Any review, dissemination, or copying of this communication by > anyone other than the intended recipient is strictly prohibited. If you are > not the intended recipient, please contact the sender by reply email, delete > and destroy all copies of the original message. > * > > > > > > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
