Navigating Cyber Risk Management Options in the Modern Era
Every business inherently faces some degree of risk. It is, ironically, an essential component of success. Establishing a digital presence offers numerous opportunities but also introduces significant risks. While it would be ideal for best-of-breed cybersecurity tools to halt all cyberattacks, such an expectation is currently unrealistic. The objective then is to implement cyber (more…)
Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1
By Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM
Principal Consultant, Governance, Compliance and Engineering Services
Did you see that version 4.0.1 of the PCI DSS was recently published?
Within the updated document you will notice that requirements 6.4.3 and 11.6.1 have a new applicability note:
6.4.3 – “This requirement also applies to scripts in the (more…)
PCI SSC North America Community Meeting and Reducing PCI Scope
The PCI SSC North America Community Meetings bring together the brightest minds in payment security. This year’s event took place in Boston, MA on September 10-12. The theme was ‘Shaping the Future of Payment Security’.
With the release of PCI DSS v4.0, and changing purchase environments, professionals are keen to understand best practices – especially in the area of reducing PCI scope. Toast, Target, and HALOCK (more…)
Cyber Forecasting Model Discovered in Verizon’s Incident Data
HALOCK Security Labs was recently recognized for its contribution to the 2024 Verizon Data Breach Investigations Report (DBIR), having found a way to practically apply Verizon’s raw data to risk assessments.
HALOCK’s HIT Index (HALOCK Industry Threat Index) uses Verizon’s crowd-sourced dataset known as the VERIS Community Database (VCDB). It contains over 10,000 breach records with more than 2,500 columns detailing the characteristics of each attack. (more…)
Guidance Related to PCI Compliance Scope for eCommerce Outsourcing
What is in Scope for eCommerce Outsourcing?
by Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM
When an organization outsources their eCommerce environment to a third-party service provider (TPSP), the integration method used has a drastic impact on that organization’s PCI DSS compliance scope and applicable PCI DSS requirements. However, this was (more…)
WEBINAR: 2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
The Verizon 2024 Data Breach Investigations Report (DBIR) is widely recognized across the cybersecurity industry for its comprehensive analysis of the global threat landscape, based on real-world data from actual security incidents and breaches. It serves as an authoritative source of information for organizations seeking to enhance their cybersecurity defenses and make better-informed risk management decisions.
This year’s report takes a deeper look at (more…)
Assessing Cyber Risks Using Verizon’s VCDB
When Verizon Business decided to publish their DBIR, they had been amassing cyber incident data for years through their incident response and forensics investigations team. They decided to publish the trends they were seeing in a format that was both informative and engaging, so we could learn how to protect ourselves.
Then in 2010, the Verizon DBIR (more…)
RSA Conference: Techniques to Evolve Risk Governance and Comply with SEC Cybersecurity Rule
RSA Conference 2024
This year’s RSA theme was The Art of Possible. It emphasized what we can do together – “To succeed at cybersecurity, we must go beyond ones and zeroes. Staying ahead of today’s threats and foreseeing tomorrow’s challenges requires trusting our intuition and collaborative experiences. Our collective strength lies in the bonds we build and the wisdom we share shaping a resilient (more…)
HALOCK Radio Episode 3: Talking with Greg Warren
Watch the podcast interview with Greg Warren and HALOCK Radio host Terry Kurzynski now.
TRANSCRIPT
Terry Kurzynski 0:07
We have HALOCK Radio as we interview information security leaders and today we have Greg Warren from Standard (more…)