PCI Requirement 4 – Encrypt Transmission of Cardholder Data Across Open, Public Networks

by Randy Bartels / April 12, 2023

PCI Requirement 4 demands, “Encrypt transmission of cardholder data across open, public networks.” How will this requirement benefit your organization? Complying with PCI Requirement 4 will help prevent your organization from being a target of malicious individuals who exploit the vulnerabilities in misconfigured or weakened wireless networks. So as a safety measure, sensitive data that you transmit over open networks must be encrypted. Assessors will be evaluating whether your organization…

5 Tips for a Successful Penetration Test (Pentest)

by Sarah Harvey / December 19, 2022

Regular penetration tests are a critical line of defense when protecting your organization’s sensitive assets from malicious outsiders. Just like any test, you need to be prepared. Your organization should take steps to ensure that you pass your penetration test and will be prepared to fend off attackers. Not only are regular penetration tests required by most audit frameworks and provide real-world insight into how hackers can exploit vulnerabilities, they…

Navigating the HITRUST CSF

by Sarah Harvey / February 20, 2023

In this webinar, Jessie Skibbe discusses one of the most important steps in the certification journey: scoping. She will cover how to scope your environment for a HITRUST CSF assessment and how to define the risk factors related to your scope. Scoping is the very first step in your certification journey. Before you even contact an assessor, you must determine what your scope is. The controls of the HITRUST…

5 Deadly Information Security Mistakes to Avoid

by Sarah Harvey / June 15, 2023

Learning to swim ahead of the latest threats in information security is important for avoiding a devastating run-in with a malicious attacker. So, we’ve compiled some exclusive advice from our expert security professionals that dispels common misconceptions about information security by outlining some of the deadliest information security mistakes your organization must avoid. Protect your sensitive assets and prevent a data breach from happening at your organization by avoiding these…

PCI Requirement 3.4.1 – Use of Disk Encryption

by Randy Bartels / May 31, 2023

If your organization is going to use disk encryption as a means to render data unreadable, you need to comply with PCI Requirement 3.4.1. PCI Requirement 3.4.1 states, “If disk encryption is used (rather than file or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login…