3 Reasons You Should Be Undergoing Regular Penetration Tests

by Sarah Harvey / December 16, 2022

Did you know you could avoid a costly data breach by having regular Penetration Testing and Vulnerability Scans? So why don't we? Every week we hear about an unforgiving hacker who has taken advantage of a security gap to maliciously gain access to tons of irretrievable data, costing the organization tons of money and ultimately damaging its reputation. Not to mention those affected by the stolen data -…

Ask the Auditor: PCI DSS Requirements 3 & 4

by Sarah Harvey / June 13, 2023

We had another chance to interview one of our Information Security Auditors, Tim Cunningham, on some frequently asked questions about PCI DSS Requirements 3 and 4. Here are the highlights from the interview: Q: When we consider the concept of protecting stored cardholder data, what is the first thing to consider when planning compliance with Requirement 3? An organization’s approach to PCI Compliance should be a top-down, management-driven approach.…

Top 10 Risks Found by Our Auditors

by Sarah Harvey / December 16, 2022

Are you in the process of getting your annual audit performed? Are you preparing for your annual audit? We have compiled a list of the Top 10 Risks we most commonly find when auditing information security to help you better strengthen your own environment. Take a look at what our auditors have found to be common shortcomings and make sure you’re not making those same mistakes at your organization. 1.…

Why am I Being Asked About SSAE 16, and What do I Need to Know to Talk Intelligently?

by Sarah Harvey / December 16, 2022

SOC 1 (formerly SSAE 16) is the most commonly used means of third-party attestation. Have you been asked about a SOC 1 audit? Are you interested in learning more about how you can ensure SOC 1 compliance? The following webinar provides an informative overview of the SOC 1 framework along with SOC 2, HIPAA, PCI, and FISMA. What Does a SOC 1 Audit Include? SOC 1 is an audit…

PCI Readiness Series: PCI Requirements 3 and 4

by KirkpatrickPrice / December 16, 2022

This session in our PCI Readiness Series focuses on PCI DSS Requirements 3 and 4, which focus on encryption and protecting cardholder data. PCI Requirement 3 states, "Protect stored cardholder data." PCI Requirement 4 states, "Encrypt transmission of cardholder data across open, public networks." What is Requirement 3? PCI Requirement 3 gives organizations an opportunity to consider which retained data is required and which is becoming a liability for…