PCI DSS

PCI DSS - Are Mobile Applications In-scope?

Say you are interested in developing an application that runs on consumers’ devices and this application of yours will be used to accept payment card data. Perhaps, in this hypothetical reality, that you have no idea where your app’s obligations stand as far as PCI DSS and

Read More

Security Program, Risk Assessment

Diminishing Returns in Cybersecurity

If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the subject’s most famous and immediately recognizable principle. Here is the gist of it; there is a point at

Read More

CIS Controls, Security Program

CIS V7: What's New and What to do

The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations can most effectively bolster their cybersecurity programs and take the proper strides to avert attacks

Read More

Penetration Testing, Security Program, Risk Assessment

The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any organization involved in any kind of merger. At the very least, it serves as a cautionary tale for businesses that

Read More

PCI DSS

Your 7 Step PCI Compliance Checklist

The journey towards payment card industry data security standard (PCI DSS) compliance can seem daunting. While there are only a handful of top-level tasks to complete, there are dozens of sub-requirements and goals to meet for each, all of which may

Read More

PCI DSS, Security Program

I never touch Cardholder Data. So PCI DSS does not apply to me - Right?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people do not read the legal agreements they sign up to, they are unaware of their real responsibilities towards

Read More

PCI DSS

The Best Ways to Maintain Your Organization's PCI DSS Documentation

Becoming compliant with payment card industry data security standard (PCI DSS) protocols can be a time-consuming process — but it’s a non-negotiable security standard required of merchants and other organizations that handle payments card data.

Read More

Privacy, CCPA

CCPA grants consumers private right of action - What is that?

The California Consumer Privacy Act (CCPA) is a California state law protecting the personal information (PI) of California residents (“consumers”), which affects most large businesses (in any state) which serve those consumers. Compliance will be

Read More

PCI DSS

5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

For businesses that store, process, and transmit cardholder data, you know that you must comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to process credit and debit transactions. 

Read More

PCI DSS

When does PCI Compliance Start?

The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program security and privacy are expected to be baked in from the very beginning. This means product requirement documentation,

Read More