PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating consequences.

Read More

PCI DSS

PCI DSS Version 4.0: Preparing for the Future

The first quarter of next year should be an exciting time for everyone working with PCI DSS. The PCI Security Standards Council is scheduled to release first a “Stakeholder Preview” of the long-awaited PCI DSS v4.0, and then, presumably some weeks

Read More

PCI DSS

Timely Update of Risk Assessment and Incident Response for PCI DSS

The PCI DSS compliance model depends on risk assessment and mitigation. The testing instructions for PCI DSS published by the PCI Security Standards Council for QSA’s tell us to look for evidence of documentation being updated as a result of lessons

Read More

PCI DSS

Requirements for Written Policies and Procedures for PCI DSS Compliance

I often come across clients whose documentation is missing a policy or a procedure that PCI DSS requires. “That will never happen here” or “We don’t have any workflow that could cause us to need that procedure,” they say. This may be true today, but

Read More

PCI DSS

Common Key Controls Tested in PCI DSS Assessments

As a company interested or required to become PCI DSS compliant, there is a list of key controls you must have in place, and appropriate evidence to be to be retained to provide the PCI DSS assessors during the testing period. Being able to easily

Read More

PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, the “Apps” (applications) on mobile devices, and internally for the web

Read More

PCI DSS, vCISO, Security Program

What does a PCI DSS Compliance Program Look Like?

You receive a letter from your bank: “Congratulations, you just passed 2.5M credit card impressions in the last 12 months.” (Break out the Champagne). “We noticed we don’t have a PCI DSS AOC for you, would you kindly upload it to our portal?”

Read More

PCI DSS, Security Program, Privacy

Destroying Data Securely

In the days of Solid-State Disks (SSD), RAID10 disk drive arrays, databases taking snapshots of data, automated backups, and active-active data mirroring; how does one reliably and securely destroy data?

Read More

PCI DSS, Privacy

TokenEx and Truvantis: A Combined Solution for Uncompromising Security

Modern organizations must collect and store sensitive personal and payment data to process payments, compile analytics, and enable users to get the most out of their digital experiences. However, the systems and processes necessary to protect these

Read More

PCI DSS, CISO, vCISO

Use a vCISO to Achieve and Maintain PCI DSS Compliance

PCI is a strong security Framework. If you are a business owner, you have probably heard about the PCI DSS (Payment Card Industry Data Security Standard). All organizations that store, process, or transmit payment card transactions must adhere to

Read More