Safeguard Your Organization from Cybersecurity Liabilities
To protect businesses from cybersecurity liabilities, HALOCK Security Labs works to ensure that cybersecurity programs meet technical and legal standards, using Duty of Care Risk Analysis (DoCRA). This comprehensive approach minimizes your exposure to legal action and regulatory scrutiny, providing you with the peace of mind that your organization is well-prepared to handle any potential cybersecurity threats.
HALOCK’s partner, Reasonable Risk, offers a platform that (more…)
RSA Conference: Establish Legal Defensibility & Communicate to Non-Technical Executives
RSA Conference 2025
This year’s RSA theme is The Art of Possible. It emphasizes what we can all do for our industry.
“Together, we sharpen our abilities to foresee risks, counter threats, and embrace new challenges. This shared drive connects and elevates us.”
Early Stage Expo
HALOCK and Reasonable Risk (more…)
Cyber Security Consulting Services Provider of the Year
HALOCK Security Labs is a finalist for:
Cyber Security Consulting Services Provider of the Year
Intelligent Insurer’s Cyber Insurance Awards USA 2025
The Cyber Insurance Awards Program seeks to honor the outstanding contributions of individuals and organizations that have significantly raised the bar in managing cyber risk. The awards (more…)
Are you Keeping an Inventory of Cipher Suites and Certificates for the New PCI DSS?
We recently discussed the required cataloging of your organization’s software for the future PCI DSS v4. While maintaining inventories is not a novel concept for digital organizations, PCI DSS v4.0.1 introduces several new inventory requirements that many organizations may not currently have in place:
Documented Cipher Suite Inventory
No doubt at some point you have rummaged through a drawer and found an old key or two and wondered if you may still (more…)
The Silent Threat: How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities
While organizations rightly prioritize protecting employee accounts from cybersecurity threats, particularly those with elevated privileges, service accounts too often receive less attention despite their critical nature. Service accounts operate silently in the background, running critical business applications and services that are essential for operations.
The importance of securing service accounts is now formally recognized in PCI DSS v4.0.1, which introduces new requirements taking effect March 31, (more…)
Satisfying the SAQ-A Eligibility Criteria Update
Are You Outsourcing eCommerce?
Our recent article, “PCI SSC Updates SAQ A: Removal of Key E-Commerce Security Requirements & New Eligibility Criteria,” outlined significant requirement updates – who this affects and next steps. These requirements are still part of PCI DSS v4.0.1 and the March 31, 2025 deadline. However, SAQ type A merchants are no longer required to validate compliance with them, as long as (more…)
The New PCI DSS v4.0.1 Software Catalog Mandate: Are You Ready?
Some of the 51 future-dated requirements of the new PCI DSS v4.0.1 that become effective on March 31, 2025, are related to inventory management. Let’s start by talking about software. In the digital era, software has become the fundamental engine powering organizational operations, and your organization undoubtedly relies on a variety of software applications to conduct business, many of which are bespoke or (more…)
PCI SSC Updates SAQ A: Removal of Key E-Commerce Security Requirements & New Eligibility Criteria
The PCI Security Standards Council (PCI SSC) has made significant updates to Self-Assessment Questionnaire type A (SAQ A) as part of PCI DSS v4.0.1. These changes impact e-commerce merchants who outsource payment processing and previously relied on the SAQ A for compliance validation.
The latest modifications include:
- Removal of PCI DSS Requirements 6.4.3, 11.6.1, and 12.3.1 from SAQ A.
- New eligibility criteria requiring merchants to confirm (more…)
What Legislation Protects Against Deepfakes and Synthetic Media?
A Deep Look at Legislation
Deepfake legislation in the U.S. is advancing swiftly to combat the rising risks associated with synthetic media, addressing critical areas such as cybersecurity, privacy, election integrity, and intellectual property. Federal and state lawmakers are enacting and refining laws to curb the misuse of deepfake technology, focusing on issues like fraud, defamation, election manipulation, and (more…)