Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised, a security incident. The recent news of Adobe Systems, where a malicious entity stole intellectual property and accessed millions of credit card numbers, is another case where “if there is a […]
Author: Viviana Wesley, PCI QSA
The PCI Security Standards Council has published a change highlights document for v3.0, expected on November 7th, 2013.
Author: Viviana Wesley, PCI QSA
Do you accept credit cards as a form of payment? If so, take notice of the guidelines outlined by Visa in response to a recent breach at a grocery store chain: http://usa.visa.com/download/merchants/alert-prevent-grocer-malware-attacks-04112013.pdf
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
I’m going to refer to another something in a previous blog, the one about Verizon’s 2012 Data Breach Report.
A Guide to System Hardening:
On June 29, 2011 the PCI Security Council released a checklist outlining the types of payment applications that are eligible for PA-DSS validation:
A quick note about PCI DSS compliance and scanning vs. penetration testing and PCI DSS 11.2 and 11.3. Often (too often) when I’m talking with organizations about their PCI compliance, they respond that they’re already compliant and they already have someone doing their quarterly scanning for them. That’s great, I say! Then I ask about […]
PCI DSS v2.0 has been released. So what now? Summary of Changes:
Common Misconceptions About PCI DSS Self-Assessment Questionnaires (SAQs). Is your organization PCI compliant? Are you sure?