Security Implications of Leveraging Cloud Computing
Cloud computing is rapidly evolving into a service model that has the potential to save money and create efficiencies for organizations large and small. This new model can help achieve significant cost savings, reduce IT complexity, and increase flexibility in adapting to a changing business environment. (more…)
Mobile Device Security
Mobile devices have become an important aspect of our personal and professional lives. In today’s networked world, we increasingly rely on mobile devices to access sensitive data on corporate networks. While the benefits of mobile devices are continually expanding, so are the risks. (more…)
What type of PA-DSS Payment Application Do I Have?
For those vendors looking to have their payment application listed on the Council’s “List of Validated Payment Applications”, you will see there are several different categories of a payment application. Some might be defined as a “Payment Middleware” or “POS Admin” or “POS Suite”. So how do you even begin to understand the difference amongst (more…)
PCI Council Changes the Rules for PA-DSS Minor Changes
The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regard to the definition of a “minor change” and what it means to Payment Application Vendors. Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed by having a PA-QSA assess the (more…)
Network Security Engineering Services
One of the things that makes HALOCK a hybrid services firm is our unique practice groups, plus we bring to the table skill sets ranging from governance and strategy, PCI QSA knowledge, assessments and compliance, security solutions, and very seasoned network security engineering services. (more…)
Security awareness training should be mandatory for every organization
You’ve probably seen it in the past. Economy swings, business takes a hit. What’s one of the first things that gets chopped from the budget? Cyber Security Awareness Training. (more…)
PCI Compliance is one of the most detailed information security standards out there!
Pretty much everyone is aware of PCI these days. The Payment Card Industry Data Security Standard (PCI DSS) is one of the most detailed information security standards out there and in most cases has elevated the level of security within organizations. (more…)
PCI Compliance – It’s not just for today
Read an article recently on a study comparing organizations that had achieved PCI Compliance but, when revisited a year later, had fallen out of compliance. (more…)
Placement of Exchange FE/CAS Servers in a PCI Compliant Environment – Follow-up
And a follow-up…(Servers in a PCI Compliant Environment)
Hello-
So I was the individual who wrote up this question initially and I do have some follow-up questions. I read about the MS recommendation of deploying an ISA server along with the CAS server to provide the necessary security – but I guess I was looking for a different solution that (more…)