The folks at processor.com have published an article with some helpful insights and suggestions for companies working on achieving or maintaining PCI DSS compliance.
https://www.processor.com/editorial/article.asp?article=articles/P3226/32p26/32p26.asp&guid=
Among other things, the article points out that the majority of companies who think they are PCI compliant may end up being surprised. “Among companies that consider their operations PCI compliant, only 21% were found to be truly compliant, according to a Verizon study. Companies should go beyond compliance and consider network monitoring tools and endpoint security measures that keep your data center safe from attack.”
Version 2.0 of the PCI DSS, which was recently released and goes into effect January 1, 2011, reflects the recognition of this challenge: it moves away from the traditional checklist approach and incorporates much more language encouraging a true risk-based approach to controlling security.
HALOCK QSAs are available to assist organizations that want to be certain they are truly compliant with the intent of the PCI DSS. Our consultants have always embraced the risk-based approach now being called for by the PCI Council and the DSS. If providing good, strong security remains the primary focus, then checking the boxes for compliance will not be a problem.
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services