Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Wireless Checklist for PCI Compliance
While I have typically seen merchants and service providers opt to segment their wireless network from the cardholder data environment to keep it out of PCI compliance scope entirely, sometimes this is not feasible. Here is a quick checklist of what is needed when implementing a wireless network as part of your cardholder data environment (CDE):
PCI Council Changes the Rules for PA-DSS Minor Changes
The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regard to the definition of a “minor change” and what it means to Payment Application Vendors. Certain types of changes that would previously have required a complete revalidation of the payment application can now be addressed by having a PA-QSA assess only the changed portions of the application, without a complete revalidation. There are some important qualifying criteria, however, so keep reading for the details…
Incident Response — The Changing Face of Malware
When someone says “you have malware”, what do you think of? Do you remember the “old days” when a virus was simply an annoyance, blue-screening Windows machines, slowing your machine down, or popping up fake firewall advertisements? Unfortunately, those “old days” are long gone. Malware has changed drastically in recent years.
Security Program Review
HALOCK’s Security Program Review is based on ISO 27001 and 27002. It provides a baseline of your current security posture.
Forensic Analysis
We get calls for forensic analysis and investigation for a variety of reasons. Sometimes it’s a breach and the client wants to find out how bad the damage was, whether anything was taken, whether there’s any leave-behind such as malware, etc. Sometimes it’s an internal investigation of an employee for suspected theft or for breaking a company policy. In all instances, discretion is absolutely required.
Network Security Engineering Services
One of the things that makes HALOCK a hybrid services firm is our unique practice groups; we bring to the table skill sets ranging from governance and strategy, PCI QSA knowledge, assessments and compliance, and security solutions to very seasoned network security engineering services.
Rapid Malware Detection Assessment
You’re doing regular scanning, penetration testing, web app testing. You’re patching, you’ve implemented the latest and greatest. What are you doing for advanced malware threat protection?
Security awareness training should be mandatory for every organization
You’ve probably seen it in the past. The economy swings, business takes a hit. What’s one of the first things that gets chopped from the budget? Cyber Security Awareness Training.
Information Security Policies
Information security policies – Whoo hoo! Pretty exciting stuff! But seriously, if we didn’t have policies, where would we be? Civilization as we know it would cease to exist! We all have policies that we adhere to – personally, professionally, morally.
Penetration Testing
Why Penetration Testing is Essential. Servers, applications, remote users and other services, once connected to your network, pose a risk to your organization. Hackers and malicious users, both internal and external, may attempt to exploit security weaknesses to gain access to sensitive information assets.