How To Find The Right QSA
If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches like Target, Home Depot, JP Morgan Chase and countless others constantly in the headlines, organizations are (more…)
PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography
In a recent bulletin, the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon. The change is related to vulnerabilities seen with Secure Sockets Layer (SSL) cryptography. (more…)
PCI v3.0 Transition Year Ends…With One More Deadline Looming
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA
As we rang in the New Year, the transition year for PCI v3.0 compliance came to a close. All businesses are now required to be compliant with version three of the PCI Data Security Standard (DSS). But (more…)
PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized
Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party (more…)
A Word about the Target Data Security Breach
What happened to Target® last week is every business’ worst nightmare. We’ve received a number of inquiries regarding the security breach incident from concerned clients and friends and wanted to share a few insights. (more…)
PCI DSS AND PA-DSS V3.0 CHANGE HIGHLIGHTS
The PCI Security Standards Council has published a change highlights document for v3.0, expected on November 7th, 2013. (more…)
SEIM Many Logging Options – What to Do?
Log and Security Event Information Management (SEIM) are two of the 20 Controls that SANS lists for network security. They are also some of the more controversial ones. Logs are very much like digital fingerprints for one’s network and applications. They have great value both for noticing exploits (visibility) and for forensically investigating those which have already happened. SEIMs are the intelligence (more…)
Security Alert: Recent Breach at Grocery Chain
Do you accept credit cards as a form of payment? If so, take notice of the guidelines outlined by Visa in response to a recent breach at a grocery store chain: http://usa.visa.com/download/merchants/alert-prevent-grocer-malware-attacks-04112013.pdf (more…)
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines.
The PCI Security Standards Council has released a new information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card (more…)