You are viewing 'PCI Compliance'

PCI SSC Revises Deadline – Should You?

Additional 24 months allowed for compliance

Bob Bybee

February 04, 2016 - Posted by Bob Bybee to Security News


In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.

The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >

Solutionary Earns PCI ASV Certification

12th Consecutive Year as an ASV

Court Little

September 29, 2015 - Posted by Court Little to Security News


Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor since before the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because it is the right thing to do and it will make our clients’ lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but we completed it using two separate unique platforms to give clients the flexibility of using different scan platforms. Sometimes you need a hammer, sometimes you need a... read more >

Is Your Organization Compliant or Secure?

Compliance doesn’t equal security

Derek Weakley

June 18, 2015 - Posted by Derek Weakley to Security Insight

Compliance Check

Security enables the continued success of any compliance program, not the other way around. If an organization chooses to do the bare minimum for security, then they should (in theory) expect a maximal impact as a result of a breach.

Take a moment and think about 2014, “The Year of the Data Breach.” It is highly unlikely that the information security (IS) and information technology (IT) teams in each of the major 2014 breaches were not aware of the vulnerabilities or the poor security architecture. However, was management aware of these vulnerabilities? And if so, what mitigation action did they take to correct those vulnerabilities?

It is crazy to me, as an information security manager at Solutionary, that an organization will wait for a catastrophic event or a third-party review before... read more >

Lobby Security and Beyond – Week 7 of 7

Developing Policy, Training Employees and Ensuring Compliance

Brad Curtis

April 30, 2015 - Posted by Brad Curtis to Security Insight

Last week’s post, Lobby Security and Beyond – Week 6 of 7: Utilizing Signage Effectively, offered guidance on how to use signage as a communication tool. This final blog in the seven-week Lobby Security blog series covers the importance of defining and publishing policies, providing training to employees and ensuring compliance.


It is very important to develop policies regarding the physical security measures you implement. These policies will help to define your security standards, and ultimately integrate with your overall security plan. Once you define your policies, be sure to get executive sponsorship for those policies, and then publish and communicate the policies to the organization.

Two items not... read more >

Retail Needs to Take a Lesson From...Retail

Protecting Credit Card Data and Meeting PCI DSS Requirements

Brian Drexler

February 05, 2015 - Posted by Brian Drexler to Security Insight


Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or, while walking the seemingly endless aisles of a supermarket, seen the ice cream next to ice scrapers?

Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.

Does this look like segmentation?

Sure does.

Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?

Of course not.

This is done by design. These valuable items are prone to theft so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
