Understanding PCI Compliance
Compliance with PCI DSS is crucial for any organization that stores, processes, and/or transmits credit card information. PCI DSS also applies to any service provider that can affect the security of another organization’s cardholder data environment (CDE). Maintaining and managing compliance with PCI DSS can require heavy lifting within an organization, but the right partner can […]
Securing Payments: The Strategic Advantage of Outsourcing for PCI DSS Compliance and Mitigating Third-Party Cybersecurity Risks
Cybersecurity is not only a team sport—it’s a multi-team sport. The complexity of cybersecurity, as well as resource constraints, makes it nearly impossible to do business without help from third parties. Utilizing third-party service providers for PCI DSS compliance offers several significant benefits, such as scope reduction. By outsourcing certain functions involving the handling, processing, or […]
5 Cybersecurity Trends to Watch in 2024
As the New Year’s celebrations have come and gone, the digital landscape continues its relentless evolution. And just like fashion trends come and go, so too do cyberthreats. To stay ahead of the curve and keep your data safe in the turbulent year ahead, let’s buckle up and explore some key cybersecurity trends to watch […]
Cybersecurity Incident Response Programs: Are They Really That Important?
Have you truly considered what it would take to minimize the impact on your organization following a cyberattack? You’ve probably heard the phrase, “it’s not a matter of if, but when.” After hearing that phrase, you may have thought to yourself, “I’m too small for a hacker to care about me,” or “I have impenetrable […]
Security and Privacy: Stick to the Script
The payment page of one well-known e-commerce site recently visited by the author contained 16 third-party scripts, including some from companies that are well known for siphoning personal information. There are security and privacy reasons to provide stronger safeguards against scripts that can be compromised by threat actors to steal payment information. Effectively managing and overseeing […]
Cybersecurity Risk is a Business Problem
Risk: Consider the fact that we, as humans, assess risk daily. We assess risk before walking across the street, catching a train, driving our car, or even eating spicy foods, so why have we been reluctant to consider cybersecurity risk assessments as the foundational approach to security and assurance? Organizational Risk: Let us first discuss […]
Unwrapping Social Engineering: Stay a step ahead of cybercriminals this season
What do natural disasters and holidays have in common? That is when criminals love to scam people using social engineering tactics. Why? Because people are vulnerable at those times. We don’t know when the next natural disaster will strike, but we do know when the holidays will be upon us. The winter holiday season is […]
The Modern CISO: From Data Closet to Boardroom
In the short span of twenty years, companies of all sizes have experienced rapid transformation in the way they receive, process, store, and transmit data of all types. The most heavily impacted data sets have been personal health information (PHI), financial data, and personally identifiable information (PII). The CISO and security practitioners’ job is, and […]
Ghoulishly Good or Eerily Iffy: The Advantages and Disadvantages of Generative AI
With Halloween upon us, it’s the perfect time to delve into the enigmatic world of Generative Artificial Intelligence (AI). Much like the thrilling tales of this spooky season, generative AI has both its captivating advantages and hair-raising disadvantages. So, let’s put on our costumes, light our jack-o’-lanterns, and embark on a journey through the eerie […]
Targeted Risk Assessments in PCI DSS 4.0: A Closer Look
The Payment Card Industry Data Security Standard (PCI DSS) has evolved over the years to provide a robust framework for securing cardholder data. With the advent of PCI DSS 4.0, the focus has shifted towards a more flexible, outcome-driven approach that prioritizes securing data rather than just complying with a checklist of requirements. A crucial […]