PCI has been around for years, yet I’ve seen very few papers on how to choose the right QSA for your business. At least not the ones that aren’t completely biased. You would think both the card brands and the SSC would want to help you achieve compliance in line with your business needs and […]
Selecting the Right QSA For Your Business Read More »
17 years, 3 months, and 7 days ago, Visa released the first version of the Payment Card Industry Data Security Standard (PCI DSS). 9 versions later, the PCI Security Standards Council (PCI SSC) is on the cusp of releasing the long-anticipated / debated version 4.0. Every organisation to whom this standard applies will be affected
PCI DSS v4.0, How Much Work is Involved? Read More »
In place of our regular classroom based training, we are offering our PCI DSS Training courses online, in a condensed one-day course. A limited number of complementary places are available to 2|SEC Consulting clients. Why train with us? Learn from real-life QSAs and Security Consultants Experienced trainers, having run hundreds of courses worldwide We allow
Online PCI DSS Training course – 1 Day Event Read More »
It has been estimated that becoming fully PCI compliant gets you no more than 47% of the way towards a recognised industry standard for information security. In this case, ISO 27001:2013. The chart below shows a comparison of how the PCI DSS requirements stack up to the ISO 27001 control objectives: While this is a
PCI DSS – A start, not the end, for the business Read More »
Cyber security is a topic on every organisation’s radar. The continued threat of ever evolving cyber-attacks, combined with the introduction of GDPR compliance means that there are serious businesses implications to successful attacks and the loss of data to any company. It is not the case of if you are going to be attacked, but
How do I make sure my business is cyber protected? Read More »
Join 2-sec at the PCI Community Meeting in Edinburgh – 18-20 October What is PCI SSC? The Payment Card Industry (PCI) Security Standards Council is a global forum that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security
2-sec Exhibiting at the PCI Europe Community Meeting Read More »
You can almost feel it happening, can’t you? Every time there is an introduction of, or a change to some regulation or another, the vultures of the legal, security consulting, and even security product vendors spin up their marketing machines to invent new promises on how they will ‘guide you through the pending minefield’. The
Privacy Shield (ex. Safe Harbor), Here Come the Vultures! Read More »
I’ve been busy assessing a Microsoft Azure environment as of late, for PCI DSS purposes. So. I go here to download their AoC: https://azure.microsoft.com/en-gb/support/trust-center/compliance/pci-dss/ The date of the AoC is December 31, 2014, and a number of requirements have been “Not Tested”, identified as “N/A” and Compensating Controls have been applied. I guess that’s fair
Is Microsoft Azure PCI DSS Compliant? Lessons in due diligence…. Read More »
According to the latest article from the SC Magazine in the UK, the latest PCI DSS version 3.1 release has “split the IT security profession” when it comes to deciding how much protection it is really providing the card holder who shops online. The article states: The v3.1 PCI DSS release addresses the well known, and high
PCI DSS v3.1 – how much protection does the new update give online? Read More »
