For businesses using PA-DSS assessed applications the time is near to start considering the new Software Security Framework that the PCI Council that will be mandated soon.
How a retailer with both brick and mortar and online stores reduced overhead costs to allow re-investment into the business by validating PCI DSS compliance through penetration testing.
THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA ISSUES By Tod Ferran, CISSP, QSA Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field […]
By Chris Cronin, ISO 27001 Auditor, Partner The ever-increasing demands from laws and regulations to protect personal information comes with confusion about what exactly our protection responsibilities are. One source of that confusion is in the use of the terms “privacy” and “security.” While “privacy” and “security” are both common terms used in laws, regulations, and […]
As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]
REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]
Author: Chris Cronin, ISO 27001 Auditor The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about.
Author: Todd Becker, PCI QSA, ISO 27001 Auditor If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, […]
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA As we rang in the New Year, the transition year for PCI v3.0 compliance came to a close. All businesses are now required to be compliant with version three of the PCI Data Security Standard (DSS). But did you know that a handful of the requirements […]
Some companies test once a year. Some test several times a year. So what frequency is correct for your organization? Well that all depends on how frequently your environment changes and other unique factors affecting your organization. When determining how often to conduct network penetration tests, consider the following: