PCI Requirement 11.1.2 – Implement Incident Response Procedures in the Event Unauthorized Wireless Access Points are Detected

by Randy Bartels / December 16, 2022

Incident Response Procedures: What would your organization do if an unauthorized wireless device was detected in your environment? PCI Requirement 11.1.2 requires that you implement incident response procedures so that in the event of some type of rogue wireless device, your employees know exactly how to respond. The size and complexity of your environment will determine what your incident response procedures should be. To verify compliance with PCI Requirement…

PCI Requirement 11.1 – Implement Processes to Test for the Presence of Wireless Access Points, and Detect and Identify All Authorized and Unauthorized Wireless Access Points on a Quarterly Basis

by Sarah Harvey / December 16, 2022

Testing Wireless Access Points: Exploitation of wireless technology, according to the PCI DSS, is one of the most common ways attackers attempt to gain unauthorized access to networks and cardholder data. This is due to the ease with which a wireless access point can be attached to a network, the difficulty in detecting their presence, and the increased risk presented by unauthorized wireless devices. This is why PCI Requirement…

PCI Requirement 11 – Regularly Test Security Systems & Processes

by Randy Bartels / December 16, 2022

Regular Testing: PCI Requirement 11 is about managing the security of your environment. It states, “Regularly test security systems and processes.” From everything we’ve learned in the PCI DSS so far, we know that it has required us to: harden our networks; harden our systems; protect data in storage; protect data in transmission; protect systems against malware; ensure that systems and applications are developed securely; restrict access to cardholder data…

PCI DSS Update: Version 3.2.1 Released

by Sarah Harvey / December 16, 2022

On February 1, 2018, nine new PCI DSS requirements went into effect. Four months later, the PCI Security Standards Council (SSC) published a minor revision to the PCI DSS. PCI DSS v3.2.1 replaces v3.2 and addresses effective dates and Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. Though PCI DSS v3.2.1 does not introduce any new requirements, let’s discuss the minor revisions made, when they…

SOC for Cybersecurity FAQs

by Sarah Harvey / November 20, 2023

What is SOC for Cybersecurity? Because most organizations conduct some portion of their business in cyberspace, they open themselves up to a new level of risk. Who they are, what they do, and what information they possess can make businesses targets for malicious attackers. Reputational damage, disruption of business operations, fines, litigation, and loss of business can all be consequences of a cybersecurity attack. It’s more important than ever to…