Governance, Risk & Compliance
PCI and Wireless Technologies
While using wireless technologies in a PCI environment can be tricky, it is possible to configure it appropriately and obtain […] ...
PCI DSS 4.0 – Those Vulnerability Scans Just Got A LOT Tougher
Vulnerability scans are very configurable and range in efficacy based on the settings chosen. For instance, the scan can be […] ...
PCI 101: Network Security Control Configuration Review, AKA firewall ruleset review
The PCI DSS requires a review of all network security control (NSC) configurations at least once every six months (Req. […] ...
Can’t Stay PCI Compliant? Consider a PCI Charter
Does this sound familiar? You’ve gotten your Report on Compliance (RoC), but you’re dreading the next assessment because you know […] ...
How Do You Know Your Controls Are In Place and Effective?
The PCI DSS requires service providers to confirm that their security personnel are “performing their tasks in accordance with all […] ...
How to Write a Penetration Testing Methodology for PCI
The PCI DSS requires that all assessed entities develop and maintain a penetration testing methodology. Many organizations struggle with this […] ...
Using RASP to Protect Applications and Comply with the PCI DSS
Public-facing web applications are ripe targets for attackers. These applications need security to protect against attacks as well as identify […] ...
The Importance of ICS Cybersecurity
For the past 25 years, I have been working with Operational Technology (OT), and for the last 10 I have […] ...
Penetration Testing – What’s New in the PCI DSS v4.0
Penetration testing (pen testing) remains largely the same in PCI version 4.0 as it was intended in PCI version 3.2.1, […] ...
Considerations for merging your IT and OT environments into ICS
Many organizations straddle the barrier between two different worlds: the Operational Technology (OT) world of physical machinery, manufacturing systems, SCADA, […] ...