Blog

PCI DSS

5 Tips for Becoming PCI DSS Compliant

The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup ...


PCI DSS

Changes to SAQs for PCI DSS v3.2.1

Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed. Though that remains true, the ...


PCI DSS

What's new in PCI DSS 3.2.1

In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard - version 3.2.1. ...


PCI DSS, SOC2, vCISO, HIPAA, CIS Controls, Security Program

How much of your Information Security function can you safely outsource?

Outsourcing is now very common among technology companies. Sometimes a whole function is delegated externally such as accounting, HR, marketing. ...


PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

7 Advantages of using a "virtual CISO" (vCISO)

A growing trend in the world of Cyber Security is companies outsourcing some or all of their Information Security teams. This can be just a ...


PCI DSS

Common Key Controls Tested in PCI DSS assessments

As a company interested or required to become PCI DSS compliant, you have a list of key controls you must have in place with proper auditing ...


PCI DSS

Preventing Scope Creep in PCI Compliance

QSAs have to validate the scope of a PCI assessment. It is one of the biggest areas of contention, but limiting scope is of paramount importance ...


PCI DSS, Security Program

Secure Coding 201: Does it Exist?

I constantly hear that recent computer science graduates have not even been introduced to the notion of secure coding. They may have been taught ...


PCI DSS

A Summary of Deadlines in PCI 3.2

Everybody - Immediately: Existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place ...
