PCI DSS News
March 23, 2018
News roundup: Is Alex Stamos leaving Facebook? The CSO hasn't confirmed, but reports say yes. Plus, an Orbitz breach exposed the payment card data of 880,000 people, and more.
January 26, 2018
News roundup: New IoT botnets compromise tens of thousands of devices worldwide. Plus, Kaspersky Lab filed an injunction against DHS, mobile POS gets a PCI standard, and more.
September 01, 2017
News roundup: More than half of enterprises are in compliance with PCI DSS, according to a Verizon report. Plus, Turla is on the attack again with a new campaign, and more.
November 29, 2016
Attendees at an SAP SME Summit lauded the e-commerce front end, but some said back-end integration and payment-processing features are needed before a full migration to the platform.
PCI DSS Get Started
Bring yourself up to speed with our introductory content
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
The big guys already have one -- now smaller cloud service vendors are hiring a cloud-specific security exec to focus on security.
A constantly evolving threat landscape and a deepening skills crisis have more enterprises looking to a managed security service provider for help handling some of their security requirements. The trend is expected to drive strong demand for MSSPs over the next few years, especially in areas like intrusion prevention and detection systems, distributed denial-of-service mitigation, unified threat management and security information and event management (SIEM). Estimates for the overall size of the global market over the next few years range from the low $20 billion to $35 billion. That makes it one of the fastest growing segments in the security industry. What are the factors CISOs need to consider when choosing a managed security provider, and what are some best practices for getting the most out of these relationships?
Enterprises have a range of options for using such services, from managed on-premises or managed customer-premise equipment services to fully outsourced, cloud-hosted options. A hybrid security model has worked for Arlington County in Virginia. The local government's security operations center is managed by in-house engineers who inherently know the network and are better positioned to respond to SIEM alerts from the MSSP. "We preferred the hybrid approach because we had the seasoned staff available to perform this aspect of the security practice," CISO David Jordan said. "It's a positive and successful approach, and the results are repeatable."
Much of the managed security provider growth is being driven by the need for increased security and compliance measures at small to medium-sized businesses. In this issue of Information Security magazine, we look at the evolution of the managed security provider and the best ways to handle these partnerships.
Evaluate PCI DSS Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
In this excerpt from chapter 1 of Threat Forecasting, authors John Pirc, David DeSanto, Iain Davison, and Will Gragido discuss how to navigate today's threat landscape.
Skill shortages and budget constraints have led some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?
Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF.
Manage PCI DSS
Learn to apply best practices and optimize your operations.
Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math.
A goal set by acquired cloud company Sonian is improving cybersecurity, whether through IT security frameworks or features in its service, co-founder says.
Third-party vendors are necessary for organizations, but with them come more security risks. Expert Mike O. Villegas discusses how vendor risk assessments can help.
Problem Solve PCI DSS Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it.
With numerous security standards and certifications available, evaluating a cloud provider can be tricky. Expert Dan Sullivan explains what to look for during evaluation.
Do you have the guts and technology know-how to undertake a self-assessment of your organization's Exchange-related risks? If so, start here.