Duty of Care Risk Assessment (DoCRA) Archives

Reasonable and Appropriate Data Security

Reasonable and Appropriate Data Security – An interesting case that the FTC filed recently (June 26, 2012) against a well-known hotel chain. (Names omitted for the purposes of this blog.) Notice the similarities to the PCI DSS requirements. (more…)

PCI Level 2 Non-Compliance, Mastercard’s New Rules

payment card industry compliance mastercard

I have had many questions on the topic of compliance for Level II PCI Merchants that are transitioning from a SAQ (self-assessment questionnaire) to an On-site audit with a Report on Compliance (ROC). Many are concerned with the prospect that (more…)

Best Practices for Achieving PCI DSS Compliance

The Payment Card Industry Data Security Standard, or PCI DSS, provides a well-defined list of security requirements, but many organizations are left with more questions than answers when it comes to determining how best to address each requirement in a (more…)

Previous 1213