Category Archives: PCI Compliance
How is PCI DSS Enforced?
Unlike most regulations you may be familiar with, the PCI DSS is enforced by contract. Here is a quick look at the process, and at how you can achieve PCI compliance.
Getting Ready for PCI DSS v4.0
PCI Software Security Framework
For businesses using PA-DSS assessed applications, the time is near to start considering the PCI Council's new Software Security Framework, which will be mandated soon.
Does CCPA Affect You? What the 2020 Deadline Means for Reasonable Security
The California Consumer Privacy Act (CCPA) and more states are shaping data privacy management for reasonable security.
Cybersecurity Regulations: What the NYCRR 500 Deadline of March 1, 2019 Means to You
New York City is often referred to as the financial capital of the world. Given the state of cybersecurity today and the increasing barrage of threats that finance-related institutions must combat on a daily basis, it is no wonder that New York became the first state to take government action to do something about it.
Ready for March 1, 2019? 23 NYCRR 500 SECTION 11
THE NEW YORK STATE DEPARTMENT of FINANCIAL SERVICES (DFS) CYBERSECURITY REGULATION 23 NYCRR 500 SECTION 11
PCI Deadline is Fast Approaching on June 30, 2018
by Viviana Wesley PCI QSA, ISO 27001 Auditor – Managing Consultant, Governance & Compliance Services
Cyber security is a moving target. The technology and policies that kept users, devices and data safe at one time are eventually compromised by the growing skills of cyber criminals and by technology itself. This is one of the reasons security standards such as PCI DSS (Payment Card Industry Data Security Standard) are moving targets as well. Things never remain stationary in a world that is digitally transforming itself, and security standards would not stay relevant unless they changed along with it.
Clarifying the new PCI DSS 3.2 Requirements for Service Providers
By Viviana Wesley, PCI QSA, ISO 27001 Auditor
The process of securing cardholder data is a shared responsibility amongst the multiple parties that play a role in the card transaction process. They include merchants, processors, acquirers, backup tape storage facilities, issuers and service providers, to name a few. All of these entities play a part in the far-reaching responsibility of protecting consumer data. The Payment Card Industry Data Security Standard, or PCI DSS, is the roadmap they can turn to in order to prevent the compromise of primary account numbers (PAN) and other sensitive consumer credit card information.
WHAT KIND OF SECURITY ASSESSMENT DO I NEED?
What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose best.
THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?
As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015: “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means the end of, our analysis of reasonable security.” This statement might be alarming to the business and security communities, but it’s important to understand the statement in context, and for you to know what to do about it.