Blog

PCI DSS

PCI DSS - Are Mobile Applications In-scope?

Say you are interested in developing an application that runs on consumers’ devices and this application of yours will be used to accept payment card data. Perhaps, in this hypothetical reality, that you have no idea where your app’s obligations stand as far as PCI DSS and

Read More

Security Program, Risk Assessment

Diminishing Returns in Cybersecurity

If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the subject’s most famous and immediately recognizable principle. Here is the gist of it; there is a point at

Read More

CIS Controls, Security Program

CIS V7: What's New and What to do

The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations can most effectively bolster their cybersecurity programs and take the proper strides to avert attacks

Read More

Penetration Testing, Security Program, Risk Assessment

The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any organization involved in any kind of merger. At the very least, it serves as a cautionary tale for businesses that

Read More

PCI DSS

Your 7 Step PCI Compliance Checklist

The journey towards payment card industry data security standard (PCI DSS) compliance can seem daunting. While there are only a handful of ...

Read More

PCI DSS, Security Program

I never touch Cardholder Data. So PCI DSS does not apply to me - Right?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people ...

Read More

PCI DSS

The Best Ways to Maintain Your Organization's PCI DSS Documentation

Becoming compliant with payment card industry data security standard (PCI DSS) protocols can be a time-consuming process — but it’s a ...

Read More

Privacy, CCPA

CCPA grants consumers private right of action - What is that?

The California Consumer Privacy Act (CCPA) is a California state law protecting the personal information (PI) of California residents ...

Read More

PCI DSS

5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

For businesses that store, process, and transmit cardholder data, you know that you must comply with the Payment Card Industry Data Security ...

Read More

PCI DSS

When does PCI Compliance Start?

The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program security and ...

Read More