Featured Blog

On March 12, 2014

PCI DSS 3.0 New requirements – Maintaining an inventory of system components in scope

This is a requirement for sub-control 2.4.  Inventory of systems refer to all hardware and software, virtual or physical within the cardholder data environment (CDE). This essentially means a list of all the hardware and software used, their purpose in being in the CDE, what they are and why they ...

On February 28, 2014

Hackers have encroached all areas. Way beyond mobile and wireless…

Hackers are "Hacking all the things". We are starting to hear about environments like thermostats, heating, ventilation, air-conditioning using web interfaces and http custom protocols.  Those are big security issues. Next, over the last several months there have been numerous cases of hackers ta ...

On February 26, 2014

Verizon 2014 PCI Compliance Report – Major revelations and suggestions

The 2014 Verizon report indicates that 9 out of 10 failed their PCI DSS baseline assessment. Here are some excerpts from the report:

• “Organizations that are breached tend to be less compliant with PCI DSS than the average of organizations in our resear ...
  Read More

On February 20, 2014

Lessons from recent data security breaches

There are many large data security breaches that are being reported nationally. They are high-profile retail chains. Equally important are the smaller breaches which are occurring every day. All that was required to find the smaller companies breach list was do a simple search on the Internet.  Itâ ...

On February 13, 2014

PCI DSS 3.0: New and updated requirements

This was listed in one of the articles about updates on PCI DSS 3.0.  There is too much going on in the retail world with constantly increasing breaches, both high and low profile ones.  Hence all the fuss about data security and compliance.  Coincidentally, this is the year for transitioning to ...