PCI DSS 4.0 – Defined Approach vs. Customized Approach

PCI 4.0 – Let the fun begin

You’ve put it off, ignored it, or just been busy. Whatever the case, PCI version 4.0 is a reality as […]
PCI and Wireless Technologies

While using wireless technologies in a PCI environment can be tricky, it is possible to configure it appropriately and obtain […]
PCI DSS 4.0 – Those Vulnerability Scans Just Got A LOT Tougher

Vulnerability scans are very configurable and range in efficacy based on the settings chosen. For instance, the scan can be […]
How to Get Started in Cybersecurity: Learn the Basics

PCI 101: Network Security Control Configuration Review, AKA firewall ruleset review

The PCI DSS requires a review of all network security control (NSC) configurations at least once every six months (Req. […]
Shadow IT – Get Out of the Dark

Shadow IT–the stuff that goes on without IT’s involvement–brings many risks to an organization. If users have excessive privileges, they […]
The Real Story Behind PCI Scope and Segmentation

The definition and maintenance of a clear scope of applicability for any standard is always a challenge on complex networks. […]
Can’t Stay PCI Compliant? Consider a PCI Charter

Does this sound familiar? You’ve gotten your Report on Compliance (RoC), but you’re dreading the next assessment because you know […]
How Do You Know Your Controls Are In Place and Effective?

The PCI DSS requires service providers to confirm that their security personnel are “performing their tasks in accordance with all […]
How to Write a Penetration Testing Methodology for PCI

The PCI DSS requires that all assessed entities develop and maintain a penetration testing methodology. Many organizations struggle with this […]
Using RASP to Protect Applications and Comply with the PCI DSS

Public-facing web applications are ripe targets for attackers. These applications need security to protect against attacks as well as identify […]