Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Incident Response & First Responders
Being in information security sales, we’ve all taken the call from a client who’s been breached. They’re usually in a bit of a panic: high-pitched voice, short, staccato sentences. The best thing to do is calm them down and advise them that they’ve already taken the best first step, which is to call their information security partner! We’ll throw on our Superman (or Superwoman, I’m not biased) costume and be there in 10 minutes!
What Is Data Loss Prevention (DLP)?
A quick Google search on “Data Loss Prevention Definition” results in the following definition from a couple of different sources:
Importance of maintaining network documentation for PCI Compliance
The PCI Data Security Standard (PCI DSS) is a set of about 200 prescriptive technical and process-centric requirements intended to help organizations proactively secure credit card data. Entities that store, process or transmit credit card data, including merchants, service providers and card issuers of all sizes, are required to comply with the PCI DSS.
Understanding PCI Service Providers
One of the common misunderstandings we’ve noticed among merchants is in relation to the proper definition of a PCI Service Provider. Most companies understand that if they share cardholder data with a third party, that entity is a Service Provider and needs to be covered under DSS requirements 12.8.x. But there’s another class of Service Providers that often gets overlooked…
Defining the Scope for PCI Compliance
As most people familiar with the PCI Data Security Standard would agree, properly defining scope for PCI compliance is a key success factor in achieving compliance with this challenging set of requirements. Network segmentation, if properly implemented, can limit the scope of applicability of the PCI DSS to a subset of the network and systems in an organization. Unfortunately, many companies inadvertently define the scope for PCI improperly due to some common misunderstandings related to the rules for PCI compliance scope definition.