The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...

Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk...

Most data crimes are the result of online compromises. This makes sense, as the criminals don’t need to know any of the old, dirty, hands-on techniques such as lock-picking, dumpster diving, or any other evasive maneuvers to carry out a successful attack. However, this doesn’t mean that the old methods are completely defunct. Physical security is...

The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect...

The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It...

At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley...

We often hear how a company was compromised by a sophisticated attack. This characterization contains all the romantic thrill of a spy movie, but it is usually not how most companies are victimized. Most breaches usually happen as a result of malware entering the environment. The need to protect against malware is addressed in progressive degrees in...

In April 2023, German artist Boris Eldagsen won the open creative award for his photographic entry entitled, Pseudomnesia: The Electrician. But, the confusing part of the event for the judges and the audience was that he refused to receive the award. The reason was that the photograph was generated by an Artificial Intelligence (AI) tool. It was...

What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work...

If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from...

We have officially entered the 12-month countdown to the enactment of the new Payment Card Industry Data Security Standard (PCI DSS). The new version, 4.0, set to go into effect on April 1, 2024, contains some interesting and notable changes. Is your organization ready to meet the new requirements? In this 6-part series, we spoke with specialists...

Cybersecurity has risen to become a major concern for nearly every industry. With the constant stream of news about the escalating numbers of breaches, it is understandable that governments have taken a more active role by passing cybersecurity and privacy legislation. Some of the industries are not top of mind to many people. For example, few...

While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the...

In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0. One of the questions we commonly hear is, “How do we prepare for PCI 4.0 deadlines while still maintaining day-to-day operations?” The discussion involved David Bruce,...

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online...

The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report provides a data...

This piece was originally published on Fortra’s AlertLogic.com Blog. Managed detection and response (MDR) would be nothing without a SOC (security operations center). They’re on the frontline of our clients’ defenses — a living, breathing layer of intelligence and protection to complement our automated cybersecurity features. These are the people...

When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed...

If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information...

When it comes to acronyms, Technology and Cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies...