What is the PCI DSS v4 Authenticated Scanning Mandate?
Preparing for PCI DSS 4.0.1: The Authenticated Scanning Mandate
As organizations prepare for PCI DSS v4.0.1 enforcement on March 31, 2025, Requirement 11.3.1.2 introduces a critical update: the mandate for authenticated internal vulnerability scans. This new requirement addresses limitations in previous versions by requiring deeper, more accurate assessments of internal vulnerabilities.
What are the Key Points of Requirement 11.3.1.2?
- Authenticated Access: Internal scans must use privileged credentials.
Is Your Organization Prepared for PCI DSS Automation?
By Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM – Principal Consultant, Governance, Compliance and Engineering Services and Jason Maiden, CISSP, PMP, PCI QSA, ISO 27001 Lead Auditor – Managing Consultant
Gearing Up for PCI DSS Automation
Automation is revolutionizing industries across the board, and payment card compliance is no exception. PCI DSS v4’s Requirement 10.4.1.1 reflects this shift, mandating the use of (more…)
Unpacking the New PCI DSS v4.x Password Standards
By Jason Maiden, CISSP, PMP, PCI QSA, ISO 27001 Lead Auditor – Managing Consultant
The Payment Card Industry Data Security Standard (PCI DSS) v4.x introduced several new and enhanced security requirements, many of which became effective on March 31, 2024. However, the clock is ticking on additional future-dated requirements set to take effect on March 31, 2025. Among these, a significant portion pertains to (more…)
Countdown to Compliance: DMARC and PCI DSS v4.0
PCI DSS v4.0 2025
We are currently four months away from March 31, 2025, the compliance deadline for the Payment Card Industry Data Security Standard (PCI DSS) v4.0 best practice requirements. After that date all organizations must comply with the new 51 PCI DSS v4.0 requirements that have been considered best practices since 2024. One of the updates (more…)
FutureCon, Chicago Cybersecurity Conference 2025
Chicago Cybersecurity Conference
HALOCK and Reasonable Risk at FutureCon explore risk management and security approaches to address evolving cyber threats. Enjoy breakfast and lunch while connecting with colleagues and industry executives. Our partner discusses risk governance and management.
View the presentation
How Executives Make Informed Cyber Decisions
September 19, 2024, at 1:00 P.M. CST
Non-technical executives can truly own cybersecurity when their companies measure, monitor, and manage cybersecurity risk like other parts of their business.
The SEC is only the latest regulator to expect non-technical executives to take ownership of cybersecurity risk management. Regulators argue that when companies pose risks to others those risks needs to be managed, whether they come from business practices, (more…)
CAMP IT: Techniques to Evolve Risk Governance and Comply with SEC Cybersecurity Rule
CAMP IT: Enterprise Risk / Security Management
In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real (more…)
Cyber Firm Reports SEC’s Final Rule Language Causing 10-K Filer Missteps
CHICAGO, Sept. 17, 2024 /PRNewswire/ — HALOCK Security Labs and sister company, Reasonable Risk, recently published a survey report revealing that language in the SEC’s new cybersecurity requirements appears to be confusing executives at public companies. As a result, many 10-K filings now make implausible claims that companies do not foresee a risk that cybersecurity incidents may cause material impacts. Early 10-K filers also (more…)
Annual 10-K Survey 2024
WHAT IS THE ANNUAL 10-K SURVEY?
A publication by HALOCK Security Labs and Reasonable Risk that tracks how well public companies describe their cybersecurity programs in Item 1C of their 10-K disclosures.
WHAT IS ITEM 1C?
Item 1C is a new requirement (as of December 2023) from The SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public filers to describe to their investors how (more…)
Q&A with our QSA
The right Qualified Security Assessor (QSA) is crucial to the success of your organization’s security and compliance. HALOCK is fortunate to have a stellar team to support our clients. We are happy to highlight one of our key leaders on PCI, Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM. Get to know her with our quick Q&A:
(more…)
