You are viewing 'PCI DSS'

PCI SSC Revises Deadline – Should You?

Additional 24 months allowed for compliance

Bob Bybee

February 04, 2016 - Posted by Bob Bybee to Security News

PCI

In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.

The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >

Solutionary Earns PCI ASV Certification

12th Consecutive Year as an ASV

Court Little

September 29, 2015 - Posted by Court Little to Security News

PCI SSC ASV

Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor since before the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because it is the right thing to do and it will make our clients’ lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but we completed it using two separate unique platforms to give clients the flexibility of using different scan platforms. Sometimes you need a hammer, sometimes you need a... read more >

Is Your Organization Compliant or Secure?

Compliance doesn’t equal security

Derek Weakley

June 18, 2015 - Posted by Derek Weakley to Security Insight

Compliance Check

Security enables the continued success of any compliance program, not the other way around. If an organization chooses to do the bare minimum for security, then they should (in theory) expect a maximal impact as a result of a breach.

Take a moment and think about 2014, “The Year of the Data Breach.” It is highly unlikely that the information security (IS) and information technology (IT) teams in each of the major 2014 breaches were not aware of the vulnerabilities or the poor security architecture. However, was management aware of these vulnerabilities? And if so, what mitigation action did they take to correct those vulnerabilities?

It is crazy to me, as an information security manager at Solutionary, that an organization will wait for a catastrophic event or a third-party review before... read more >

Retail Needs to Take a Lesson From...Retail

Protecting Credit Card Data and Meeting PCI DSS Requirements

Brian Drexler

February 05, 2015 - Posted by Brian Drexler to Security Insight

POS

Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or, while walking the seemingly endless aisles of a supermarket, seen the ice cream next to ice scrapers?

Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.

Does this look like segmentation?

Sure does.

Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?

Of course not.

This is done by design. These valuable items are prone to theft so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by... read more >

What Will 2015 Mean for IT Security?

2015: Year of the ___?

Joseph (JB) Blankenship

January 06, 2015 - Posted by Joseph (JB) Blankenship to Security Insight

IT Security 2015

2014 is behind us. Depending on your perspective, 2014 is either known as “The Year of the Data Breach” or the “Year of the Undisclosed Vulnerability.”

According to the Identity Theft Resource Center, there were 761 breaches reported in the U.S. during 2014, with over 83 million records exposed in 2014 (as of December 23, 2014). This is an increase of over 25% over the same timeframe in 2013.

With the seemingly never-ending data breach announcements, the general public has started taking a “so what, it's just another data breach” kind of attitude about data breaches. It’s as if there is now almost an expectation that your data will end up in the... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
