PCI Compliance credit card

Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program…  A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI compliant:

https://www.computerweekly.com/Articles/2011/04/19/246477/Infosec-2011-PCI-DSS-compliance-has-positive-impact-on-data-security-study.htm

Excerpt from the above linked article:  “The study found that in 2010, 99% of compliant organisations suffered no more than a single credit card related breach compared with 85% of non-compliant organisations, while 64% of compliant organisations had no breach at all compared with 38% of non-compliant organisations.

Only 1% of compliant organisations suffered more than one breach related to credit card data compared with 15% of non-compliant organisations, and 63% of compliant organisations suffered no more than a single breach overall compared with 22% of non-compliant, according to the 2011 PCI DSS Compliance Trends Study.”

Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services

PCI Compliance Credit Card

 

PCI DSS Requirements

PCI DSS Requirement 5.4.1: Anti-spoofing controls such as DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, Sender Policy Framework (SPF), and Domain Keys Identified Mail (DKIM) can help stop phishers from spoofing the entity’s domain and impersonating personnel. 

Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1

Unpacking the New PCI DSS Password Standards

Is Your Organization Prepared for PCI DSS Automation – Requirement 10.4.1.1?

What is the PCI DSS v4 Authenticated Scanning Mandate – Requirement 11.3.1.2?

What is the PCI DSS v4.0.1 Requirement for PoLP – Requirement 7.2.5?

PCI SSC Updates SAQ A: Removal of Key eCommerce Security and New Eligibility Criteria – Requirements 6.4.3, 11.6.1, 12.3.1

The New PCI DSS v4.0.1 Software Catalog Mandate – Requirement 6.3.2

How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities – Requirements 8.6.1, 7.2.5.1, 8.6.2, 8.6.3, 10.2.1.2

Are You Keeping an Inventory of Cipher Suites and Certificates for the New PCI DSS – Requirements 12.3.3, 4.2.1.1?

How to Analyze An Attestation of Compliance (AOC)

PCI Compliance New Requirements and Targeted Risk Analysis (TRA)

 

RESOURCES & NEWS

Learn more about Penetration Testing and new exploits in HALOCK’s Exploit Insider.

The Dangers of Legacy Protocols

Exploiting API Endpoints

Abusing Default Credentials

Weaponizing Legacy Software

 

PCI Targeted Risk Analysis & DoCRA

https://www.halock.com/pci-compliance-new-requirements-and-targeted-risk-analysis/

 

HIPAA & Penetration Testing & Incident Response Plans

https://www.halock.com/are-you-ready-for-the-enhanced-hipaa-requirements-for-penetration-testing-and-more/

 

Top Threats in Healthcare

https://www.halock.com/top-cyber-threats-in-healthcare/

 

Cloud Security Risk Management

https://www.halock.com/prioritized-findings-and-remediation-in-cloud-security-reporting/

 

Penetration Testing Reports to Manage and Prioritize Risk

https://www.halock.com/a-threat-based-approach-to-penetration-test-reporting/

 

HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on information security and conducts PCI preparedness assessment, scoping, remediation, validation, and compliance maintenance services throughout the US.