Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Security Resolutions for the New Year
As we welcome in the New Year, it’s common for people to make a few New Year’s Resolutions. Let’s make a few New Year’s Information Security Resolutions! This year I challenge you to resolve to do the following: (more…)
Filling out the SAQ
I’ve heard so many variations on what it means to fill out the self-assessment questionnaire (SAQ) that I wanted to provide some clarification. First off, filling out the SAQ (regardless of which type) does NOT make you PCI compliant. You check boxes on the SAQ and that actually means something. It means that you are attesting to the fact that you are doing the necessary things to be in line with the PCI DSS, and can prove it when asked.
Many people think that, because they have only a certain number of questions to answer, only those items of the standard apply to them. The bottom line is this – every merchant that accepts credit cards is required to be compliant with the PCI DSS. The entire standard. For those of you that have fewer than 201 questions on your SAQ, you still must be compliant with the entire standard.
The Standards apply to all organizations that store, process, or transmit credit card data. If you’re unsure whether or not you are compliant, call us here at HALOCK Security Labs and ask for some help – that’s why we’re here!
What IS a QSA?
QSA stands for Qualified Security Assessor, and QSAs are certified by the PCI Security Standards Council. QSAs are tasked with providing guidance on, and validation against, the DSS. QSAs are special in that they have been certified for their knowledge and ability to advise on the PCI DSS specifically. There are roughly 800 QSA individuals in North America, and their function is to assist merchants and service providers in becoming PCI compliant and in validating that compliance. (more…)
Vulnerability Scan vs. Penetration Test
If you’re doing your quarterly vulnerability scans you may be wondering if that is the same as a penetration test or if you really need to do both. (more…)
Security Policy Framework
Let’s talk about information security policy frameworks!! Hmm, did the room just clear? (more…)
Strong Password Management
Do you ever log into an application and it asks you to change your password for what feels like the 5th time this month – what is your password management? (more…)
Information Security Management System
Information Security Management System. You can undergo a point in time audit or assessment and be compliant, but what happens a week later when patches have gone un-applied? Out of compliance again. (more…)
Where does Data Loss Prevention (DLP) fit into a Risk Management Framework?
As stated in a previous post, effective Data Loss Prevention (DLP) will be an important component of an overall Risk Management Framework. The Risk Management framework should include the following: (more…)