For many organizations, compliance with data security standards doesn’t seem to be getting easier. Compliance efforts often compete with projects that address information security threats and vulnerabilities, and these efforts often lose out in the battle…

While relatively a newcomer to the IT compliance scene, PCI DSS has been mandated by all members of the PCI Security Standards Council, including Visa International, MasterCard Worldwide, American Express, Discover Financial Services and JCB International…

Using the user, group and role-based management features of payment and business applications that accept cardholder data or sensitive authentication data is not enough to secure your data and ensure compliance with PCI DSS requirements.

The set of system…

The controls used in the cardholder data environment (CDE) and the risks considered during the CDE scoping effort, such as all possible user access to account data (CHD and SAD), the DSS points them to consider whether the organization identified “all…

As if PCI, SOX, HIPAA, GLB, and all the other alphabet-soup regulations aren’t enough to bog down your security program, we now have a new one rearing its ugly head. The new regulation is the European Union General Data Protection Regulation – or GDPR…

For many organizations, compliance with data security standards doesn’t seem to be getting easier. First of all, IT security compliance efforts are forever competing for attention and funding with information-security projects, operational vulnerabilities…