Featured Blog

On April 4, 2014

How to ensure continuous compliance? Here are some suggestions.

Here are some points from an article related to establishing an IT control framework. However, this is perfectly applicable for ensuring continuous compliance in retail security as well. Some sensible high-lev ...

On March 24, 2014

“Data Vulnerability Can Undo Years of Brand Equity”, this sums it all up.

I read this story today on Adweek and the article sums it all up in the paragraph below. When it comes to data security, most companies are doing nothing, meaning absolutely nothing. Omega ATC has been urging retailers to take some steps, at least the initial steps recommended to secure their dat ...

On March 21, 2014

Which version of PCI DSS do retailers need to comply with in 2014? Version 2.0 or 3.0?

The PCI Council officially released PCI DSS version 3.0 in January, 2014. Many merchants are still working through their PCI Compliance audit that started in 2013 for the requirements of version 2.0. Clearly, their Report on Compliance (ROC) will be based on providing evidentiary support requir ...

On March 12, 2014

PCI DSS 3.0 New requirements – Maintaining an inventory of system components in scope

This is a requirement for sub-control 2.4. Inventory of systems refer to all hardware and software, virtual or physical within the cardholder data environment (CDE). This essentially means a list of all the hardware and software used, their purpose in being in the CDE, what they are and why they ...

On March 11, 2014

PCI DSS 3.0 New requirements — More demanding penetration testing

One of the high priority requirements of PCI DSS 3.0 is rigorous penetration testing. The specific controls that relate to this are 11.3 and 11.4. Retailers have been told to follow a documented set of procedures and guidelines for verification of proper segmentation of cardholder data environm ...