PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”
At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when she went to add a new payment method, a whole list of saved card numbers (redacted) showed up in the PAN
PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers—must have policies and procedures in place to manage its service providers.
Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people do not read the legal agreements they sign up to, they are unaware of their real responsibilities towards
The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program, security and privacy are expected to be baked in from the very beginning. This means product requirement documentation,
The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup or a global enterprise.
Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed. Though that remains true, the supporting documents have now been released, and they include a change that may impact your compliance and
In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard - version 3.2.1. Let's review the changes from 3.2 to 3.2.1
A growing trend in the world of Cyber Security is companies outsourcing some or all of their Information Security teams. This can be just a small part, like vulnerability management, vendor risk management, or responding to customer
I constantly hear that recent computer science graduates have not even been introduced to the notion of secure coding. They may have been taught to program in half a dozen different languages and styles, but their assignments have never been run