PCI Requirement 3.4.1 – Use of Disk Encryption

by Randy Bartels / May 31, 2023

If your organization is going to use disk encryption as a means to render data unreadable, you need to comply with PCI Requirement 3.4.1. PCI Requirement 3.4.1 states, “If disk encryption is used (rather than file or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login…

Breachmania: Top Data Breaches in 2017

by Sarah Harvey / December 19, 2022

Halfway through the year 2017, we find ourselves reading a similar headline in the news every day, "XYZ Company Has Announced 100 Million Customer Records Exposed in Data Breach." As we skim the articles, we breathe a brief sigh of relief that it isn’t our company in the headline, knowing that we could be next. According to a 2017 Ponemon Institute Report, the average total cost of a data breach…

Man working on computer

Shark in Water: 5 Things to Avoid a Costly Data Breach

by Sarah Harvey / June 13, 2023

Is your organization swimming in information security concerns? Recent and startling new malicious attacks are causing organizations to re-think everything we know about our security posture – from breach prevention to response. Organizations are beginning to shift their focus on security when they have realized that sometimes, compliance isn’t enough. With this “shark in water” reality, here are 5 things your organization should be doing to avoid a data breach.…

Guide to PCI Compliance – Navigating PCI DSS v3.2

by KirkpatrickPrice / April 12, 2023

What is the PCI DSS? The PCI Security Standards Council was jointly developed by the payment card brands to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. It ensures that all data that lives within the Cardholder Data Environment (CDE) is protected and secured from theft or unauthorized use. Any merchant, service provider, or sub-service provider who stores, processes, or transmits…

Introduction to PCI Requirement 2

by Randy Bartels / April 12, 2023

What is PCI Requirement 2? PCI Requirement 2 mandates, “Do not use vendor-supplied defaults for system passwords and other security parameters.” Were you aware that vendor-supplied default passwords and settings are well-known among the hacker community? PCI Requirement 2 was created to fight the malicious individuals who try to compromise systems with the vendor-supplied default information. PCI Requirement 2 focuses on hardening your organization’s systems and assets. We’re here to…