InfoSec, PCI, DSS, Payment Gateway, credit cards, debit cards, IDS/IPS, CDE

PCI DSS: When to Test Controls & Functions

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS), the current version, 3.2.1, is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material, we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, to clarify “what’s new,” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

By Jeff Man on Jan 3, 2019 4:51:51 PM
Security, Privacy, Leadership, Passwords, PasswordComplexity, PCI, SystemAdministrators, Authentication, Captcha

Password123! - Why Does Authentication Have to Be So Hard?

Password complexity and authentication have always been a subject of contention for both users and system administrators. Many assume that forcing users to create more complex passwords, and to change them frequently, will lead to greater system safety; in theory this may be true. Given human nature, however, things rarely go as planned, and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.

By Security Consulting Team on Sep 13, 2018 11:28:04 AM