Remote Assessments: How to Maintain Compliance in a Crisis

Alexander Norell helps us address two questions: Are remote assessments proving effective? What can companies do to ensure the lockdown is not impacting PCI progress? Remote assessments are likely to be the norm for many months as the global economy starts to get back on its feet and the Payment Card Industry Security Standards Council (PCI …

Apply Critical Thinking to Security and Compliance

Recently I came across a case where a company had encouraged their clients to apply for their services via a written form, which included fields for credit card information to pay for those services. The clients were encouraged to return the forms via email in a PDF format. The company in question was undergoing a PCI DSS …

Guidance for PCI Assessments During COVID-19

One of the challenges of information security and compliance is dealing with evolving requirements. The current COVID-19 pandemic has further added complexity to how we operate and maintain secure payment systems. Not only do we have technical and administrative controls to manage and maintain, but we also must address public health and safety concerns …

The Difference Between Risk and Compliance and the Important Connection Organizations Must Understand

There are a lot of misconceptions about risk and compliance. Organizations often assume that if you’re compliant, you’re automatically able to combat potential risks. On the flip side, there is a similarly incorrect assumption that if your risk program is already in place, your organization is already compliant by default. First, what is …

PCI Isn’t Risk-based! (and other PCI myths)

As an infosec practitioner and QSA, I’ve been deeply involved in PCI since its inception. As a former educator (I taught high school social studies for eight years), I believe in the reductionist method for teaching complex subjects. In these articles I will combine my experience to deconstruct many of the problems – typically rooted …

Windows 7 support is ending. Are you prepared?

Our old friend Windows 7 is facing retirement on January 14 with the end of extended support. What does this mean for you? If you’re still running Windows 7, then you’re going to have issues in several areas such as PCI, NIST, HIPAA, and GLBA to name a few. In nearly every framework, standard, and …

Will It Take a Breach for You to Take the Next Maturity Step?

Everyone (er, almost everyone) has had the experience of growing up – maturing if you will. You likely had people teach you and thoughtfully impart to you some knowledge. And, if you’re like me, you didn’t always pay attention. I had to make mistakes for myself to learn. When it comes to compliance and risk, …