Understanding Data Tokenization
Data Tokenization Considerations
Tag Archives: PCI
$865,000 fine for HIPAA violations is latest from HHS OCR
Early July sees the latest fines imposed by Health & Human Services Office for Civil Rights for HIPAA violations.
Study finds that PCI compliant companies suffer far fewer data breaches
Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI […]
Yes, you have to actually BE compliant
What IS a QSA?
QSA stands for Qualified Security Assessor, and they are certified by the PCI Security Standards Council. QSAs are tasked with providing guidance and validation to the DSS. QSAs are special in that they have been certified for their knowledge and ability to advise on the PCI DSS specifically. There are roughly 800 QSA individuals in North America […]
I’m NOT PCI compliant, what should I do?
I’ve spoken with several people in the past few months that have come right out and said that they believed they were not compliant with the PCI and were simply unsure what to do. Their questions were basically the same; what should we do first, who should we tell, how long will this take, and the […]
Windows Audit Policies for PCI DSS Compliance
Exactly which settings need to be enabled for the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS requirements 10.2.x? Trying to understand all the individual events IDs associated with each Windows audit policy is your first step in trying to determine the answer to this question! But after a […]
Virtualization in the PCI Environment
Since the SIG for addressing the impact of virtualization in PCI compliance has yet to be published, there has been a mixed reaction to whether or not virtualization SHOULD be used in the cardholder data environment.
The Sounds of PCI Compliance
So I’ll admit I’m relatively new to the PCI Compliance arena. That said, I’ve been working with technology and financial companies for the last 15 years and while I’ve seen topics come & go; PCI Compliance is here to stay. I’ve noticed some commonalities from the folks I’ve spoken with recently and I wanted to share some […]