PCI DSS News
November 29, 2016
Attendees at an SAP SME Summit lauded the e-commerce front end, but some said back-end integration and payment-processing features are needed before a full migration to the platform.
June 08, 2016
Following a number of attacks on the SWIFT banking system that led to the theft of millions of dollars, SWIFT promised new rules to improve security for bank transfers.
April 28, 2016
PCI DSS 3.2 marks the start of refining the payment data regulations, rather than minor changes, and includes requirements to strengthen encryption and multifactor authentication.
February 19, 2016
The PCI council has determined its data security standard is finally mature enough to forego significant updates, so PCI DSS 3.2 will be more of an incremental modification.
PCI DSS Get Started
Bring yourself up to speed with our introductory content
The big guys already have one -- now smaller cloud service vendors are hiring a cloud-specific security exec to focus on security. Continue Reading
A constantly evolving threat landscape and a deepening skills crisis has more enterprises looking to a managed security service provider for help handling some of their security requirements. The trend is expected to drive strong demand for MSSPs over the next few years, especially in areas like intrusion prevention and detection systems, distributed denial-of-service mitigation, unified threat management and security information and event management (SIEM). Estimates for the overall size of the global market over the next few years range from the low $20 billion to $35 billion. That makes it one of the fastest growing segments in the security industry. What are the factors CISOs need to consider when choosing a managed security provider and what are some best practices for getting the most out of these relationships?
Enterprises have a range of options for using such services, from managed on-premises or managed customer-premise equipment services to fully outsourced, cloud-hosted options. A hybrid security model has worked for Arlington County in Virginia. The local government's security operations center is managed by in-house engineers who inherently know the network and are better positioned to respond to SIEM alerts from the MSSP. "We preferred the hybrid approach because we had the seasoned staff available to perform this aspect of the security practice," CISO David Jordan said. "It's a positive and successful approach, and the results are repeatable."
Much of the managed security provider growth is being driven by the need for increased security and compliance measures at small to medium-sized businesses. In this issue of Information Security magazine, we look at the evolution of the managed security provider and the best ways to handle these partnerships.Continue Reading
A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard. Continue Reading
Evaluate PCI DSS Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'? Continue Reading
Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF. Continue Reading
If you think Payment Card Industry Data Security Standard is just for merchants, think again. Here's why virtually every company can boost security and address risk issues using PCI DSS. Continue Reading
Manage PCI DSS
Learn to apply best practices and optimize your operations.
Third-party vendors are necessary for organizations, but with them come more security risks. Expert Mike O. Villegas discusses how vendor risk assessments can help. Continue Reading
PCI DSS is pretty specific about security, but does it do enough for mobile payment security? Expert Mike Chapple explains why he says yes. Continue Reading
Do you have the guts and technology know-how to undertake a self-assessment of your organization's Exchange-related risks? If so, start here. Continue Reading
Problem Solve PCI DSS Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it. Continue Reading
With numerous security standards and certifications available, evaluating a cloud provider can be tricky. Expert Dan Sullivan explains what to look for during evaluation. Continue Reading
Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it. Continue Reading