PCI DSS

Pentesting for PCI DSS

Most industry-recognized security frameworks, including HITRUST, CIS Controls and PCI DSS, stipulate penetration testing requirements as part of an organization's risk management cycle. In addition, the Payment Card Industry Security Standards Council (PCI SSC) provides

Read More

PCI DSS

How to Evade PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) compliance can be expensive for financial institutions and transaction processors that cannot avoid touching cardholder data (CHD). However, ordinary merchants can reduce the scope with

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

Why You Should Hire a Virtual Data Protection Officer (vDPO) Now

The Data Protection Officer (DPO) is a role required by the EU General Data Protection Regulation (GDPR). If your organization is subject to GDPR and meets the large-scale data handling factors, you need a DPO. What can you do if you don't have an

Read More

PCI DSS

PCI DSS 4.0 is Open for Discussion

The PCI Data Security Standard (PCI DSS) is a global standard of technical and operational requirements for merchants and service providers who collect, process, or store cardholder data. The next evolution of the PCI DSS,  version 4.0, is emerging. 

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

The Seven Essential Qualities of a vCISO

Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy programs. Fortunately, you can partially or fully outsource to trusted partners the jobs of CISO and IT security

Read More

PCI DSS

PCI DSS 4.0 Release!

Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) published the official PCI DSS version 4.0. Over the next few months, we anticipate supporting documentation to emerge and QSA training to begin.  

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

Four Compliance Standards that can Accelerate Your Sales Team

Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors to do so. For this reason, compliance with specific cybersecurity standards becomes another way to

Read More

PCI DSS

PCI-DSS –SAD vs. CHD

When it comes to handling payment cardholder data, PCI DSS has many rules about what you must and must not do when it comes to handling payment data. But the most stringent requirements apply to sensitive authentication data (SAD). 

Read More

PCI DSS

PCI DSS Truncation Rules and Guidelines

The PCI Security Standards Council's redefined truncation rules are a mess.

Read More

PCI DSS

Five Ways to Reduce the Cost of PCI DSS Compliance

If your company stores, processes, or transmits cardholder data, you need PCI DSS compliance. According to the Verizon 2020 Payment Security Report, within the financial and insurance industries, 30% of breaches were caused by web application

Read More