Governance & Risk Management

Safeguard Your Organization from Cybersecurity Liabilities

To protect businesses from cybersecurity liabilities, HALOCK Security Labs works to ensure that cybersecurity programs meet technical and legal standards, using Duty of Care Risk Analysis (DoCRA). This comprehensive approach minimizes your exposure to legal action and regulatory scrutiny, providing you with the peace of mind that your organization is well-prepared to handle any potential cybersecurity threats.

HALOCK’s partner, Reasonable Risk, offers a platform that …

Are you Keeping an Inventory of Cipher Suites and Certificates for the New PCI DSS?

We recently discussed the required cataloging of your organization’s software under PCI DSS v4.0.1. While maintaining inventories is not a novel concept for digital organizations, the future-dated requirements of PCI DSS v4.0.1 introduce several new inventory requirements that many organizations may not currently have in place, among them:

Documented Cipher Suite Inventory

No doubt at some point you have rummaged through a drawer and found an old key or two and wondered if you may still …
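As an added illustration of what a documented cipher suite inventory can be generated from, the following Python script (an example written for this page, not HALOCK’s code and not part of the original post) expands an OpenSSL cipher string with the standard library `ssl` module, records each suite’s protocol, key exchange and strength, and flags the suites an assessor would question. The weak-suite name markers and the status labels (`weak`, `no-pfs`, `legacy`, `ok`) are this example’s own assumptions; the PCI SSC does not publish a suite list, so map them to your own policy.

```python
"""Cipher-suite inventory from an OpenSSL cipher string (added example).

Uses only the standard library: SSLContext.get_ciphers() reports every suite
the local OpenSSL build would offer for a given cipher string. The status
rules below are this example's assumptions, not a PCI SSC published list.
"""
import ssl

# Name fragments that mark a suite as unacceptable (RC4, DES/3DES, NULL
# encryption, export grade, MD5 integrity, anonymous key exchange).
# Assumption: a common-practice list, adjust it to your own standard.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH", "ANON")


def classify_suite(name, protocol, kea=None, aead=None):
    """Classify one suite as 'weak', 'no-pfs', 'legacy' or 'ok'.

    name     -- OpenSSL or IANA suite name, e.g. 'ECDHE-RSA-AES128-GCM-SHA256'
    protocol -- lowest protocol version the suite belongs to, e.g. 'TLSv1.2'
    kea      -- key exchange as reported by get_ciphers(), e.g. 'kx-rsa'
    aead     -- True for AEAD suites (GCM, CCM, ChaCha20-Poly1305)
    """
    upper = name.upper()
    if any(marker in upper for marker in WEAK_MARKERS):
        return "weak"
    if protocol == "TLSv1.3":
        return "ok"  # every TLS 1.3 suite is AEAD with ephemeral key exchange
    if (kea or "").lower() == "kx-rsa" or upper.startswith("TLS_RSA_WITH_"):
        return "no-pfs"  # static RSA key transport: no forward secrecy
    if aead is False:
        return "legacy"  # CBC + HMAC suites: permitted, but document them
    return "ok"


def inventory(cipher_string="DEFAULT"):
    """Expand cipher_string into inventory rows for the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    rows = []
    for suite in ctx.get_ciphers():
        rows.append({
            "name": suite["name"],
            "protocol": suite["protocol"],
            "key_exchange": suite.get("kea"),   # absent on very old OpenSSL builds
            "bits": suite["strength_bits"],
            "status": classify_suite(suite["name"], suite["protocol"],
                                     suite.get("kea"), suite.get("aead")),
        })
    return rows


def flagged(rows, statuses=("weak", "no-pfs")):
    """Suite names whose status is in `statuses`: the exception list to justify."""
    return [row["name"] for row in rows if row["status"] in statuses]


if __name__ == "__main__":
    # "ALL" shows what a permissive server string would still offer on this build.
    rows = inventory("ALL")
    for row in rows:
        print(f"{row['name']:<36} {row['protocol']:<8} {row['bits']:>4}  {row['status']}")
    print("\nSuites needing an exception or removal:", ", ".join(flagged(rows)) or "none")
```

Run it once against each cipher string found in your web server, load balancer and database TLS configuration, and keep the output with the configuration it was taken from; the inventory is only evidence if it can be tied back to a specific system and date.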

The Silent Threat: How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities

While organizations rightly prioritize protecting employee accounts from cybersecurity threats, particularly those with elevated privileges, service accounts too often receive less attention despite their critical nature. Service accounts operate silently in the background, running critical business applications and services that are essential for operations.

The importance of securing service accounts is now formally recognized in PCI DSS v4.0.1, which introduces new requirements taking effect March 31, …

The New PCI DSS v4.0.1 Software Catalog Mandate: Are You Ready?

Some of the 51 future-dated requirements of the new PCI DSS v4.0.1 that become effective on March 31, 2025, are related to inventory management. Let’s start by talking about software. In the digital era, software has become the fundamental engine powering organizational operations, and your organization undoubtedly relies on a variety of software applications to conduct business, many of which are bespoke or …

PCI SSC Updates SAQ A: Removal of Key E-Commerce Security Requirements & New Eligibility Criteria

The PCI Security Standards Council (PCI SSC) has made significant updates to Self-Assessment Questionnaire type A (SAQ A) as part of PCI DSS v4.0.1. These changes impact e-commerce merchants who outsource payment processing and previously relied on the SAQ A for compliance validation.

The latest modifications include:

  • Removal of PCI DSS Requirements 6.4.3, 11.6.1, and 12.3.1 from SAQ A.
  • New eligibility criteria requiring merchants to confirm …

What Legislation Protects Against Deepfakes and Synthetic Media?

A Deep Look at Legislation

Deepfake legislation in the U.S. is advancing swiftly to combat the rising risks associated with synthetic media, addressing critical areas such as cybersecurity, privacy, election integrity, and intellectual property. Federal and state lawmakers are enacting and refining laws to curb the misuse of deepfake technology, focusing on issues like fraud, defamation, election manipulation, and …