I read this story today on Adweek and the article sums it all up in the paragraph below. When it comes to data security, most companies are doing nothing, meaning absolutely nothing. Omega ATC has been urging retailers to take some steps, at least the initial steps recommended to secure their dat ...
Read MoreThe PCI Council officially released PCI DSS version 3.0 in January, 2014. Many merchants are still working through their PCI Compliance audit that started in 2013 for the requirements of version 2.0. Clearly, their Report on Compliance (ROC) will be based on providing evidentiary support requir ...
Read MoreThis is a requirement for sub-control 2.4. Inventory of systems refer to all hardware and software, virtual or physical within the cardholder data environment (CDE). This essentially means a list of all the hardware and software used, their purpose in being in the CDE, what they are and why they ...
Read MoreOne of the high priority requirements of PCI DSS 3.0 is rigorous penetration testing. The specific controls that relate to this are 11.3 and 11.4. Retailers have been told to follow a documented set of procedures and guidelines for verification of proper segmentation of cardholder data environm ...
Read More