Featured Blog


On April 4, 2014

How to ensure continuous compliance? Here are some suggestions.

Here are some points from an article on establishing an IT control framework. They are equally applicable to ensuring continuous compliance in retail security. Some sensible high-lev ...


On March 21, 2014

Which version of PCI DSS do retailers need to comply with in 2014? Version 2.0 or 3.0?

The PCI Council officially released PCI DSS version 3.0 in January 2014. Many merchants are still working through the PCI compliance audit they started in 2013 against the requirements of version 2.0. Clearly, their Report on Compliance (ROC) will be based on providing evidentiary support requir ...


On March 18, 2014

Staying ahead of the hacker. Remaining on the cutting edge of data security and compliance.

Pundits say that in data security, defenders should think like a hacker and protect like both a defender and an attacker. In other words, stay on offense and defense at all times. Make sure you take some basic steps.


On March 12, 2014

PCI DSS 3.0 New requirements – Maintaining an inventory of system components in scope

This is a requirement for sub-control 2.4. The inventory of systems refers to all hardware and software, virtual or physical, within the cardholder data environment (CDE). This essentially means a list of all the hardware and software used, their purpose in being in the CDE, what they are and why they ...


On March 11, 2014

PCI DSS 3.0 New requirements — More demanding penetration testing

One of the high-priority requirements of PCI DSS 3.0 is rigorous penetration testing. The specific controls that relate to this are 11.3 and 11.4. Retailers have been told to follow a documented set of procedures and guidelines for verification of proper segmentation of cardholder data environm ...
