Image Enterprise networks regularly see change in their devices, software installations and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate this risk by implementing foundational security controls. For example, enterprises can monitor their important files for change using...

Image The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a minimum degree of security when it comes to handling customer card information. While the Standard has been around for over a decade, penetration testing has only recently been officially incorporated into the process. There’s a lot to cover...

Image Nearly half of organizations that store, process or transmit card data are still failing to maintain PCI DSS compliance from year to year, reveal new statistics. According to the 2017 Verizon Payment Security Report, the number of enterprises becoming fully compliant is on an upward trend—growing almost five-fold since 2012....

Image Since 2004, merchant companies that handle branded credit cards have worked to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). These regulations, which consist of six fundamental control objectives and 12 core requirements, aim to protect payment card data for customers. They also help card...

Image Looking at the cyberthreat landscape, millions of new devices come online every day. But there’s a shortage of qualified cybersecurity workers to protect those devices once they come online. Additionally, in almost every case, it takes minutes or less to compromise them. Simply running more vulnerability scans to collect more...

Image To protect against evolving digital threats, more and more organizations are employing endpoint detection and response (EDR) systems on their computer networks. EDR consists of six crucial security controls. The first two, endpoint discovery and software discovery, facilitate the process of inventorying each device that is...

Image There is never a dull moment for compliance and security. Case in point, amidst a brewing storm of regulation, version 3.2 of the Payment Card Industry Data Security Standards (PCI DSS) announced in late spring articulates good data security intent along with controversy. PCI has been around since 2006, and aims to protect...

Image The recent announcement from the Payment Card Industry Security Standards Council (PCI SSC) that it will be moving the PCI 3.1 deadline to June 2018 – giving an extra 24 months – caught my attention and reminded me of the ongoing dance between compliance and security. From a compliance and operational standpoint, the new...

Tripwire studied confidence vs. knowledge of financial services IT security pros on seven key security controls necessary to detect a data breach. For many controls IT pros believed they had the information necessary to detect a breach quickly but provided contradictory information about the specific data.   Image ...

Image This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three,...

Image Recently, I introduced a three-part series on how to build a successful vulnerability management program. The first installment examined Stage 1, the vulnerability scanning process. My next article investigates Stages 2 (asset discovery and inventory) and 3 (vulnerability detection), which occur primarily using the organization...

Image An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Such vulnerability...

Image Earlier this year, the PCI Security Standards Council officially released PCI DSS 3.1 only months after its predecessor (version 3.0) came into effect. With a typical three-year period between standard revisions, the out-of-band update caught many off guard, especially organizations still in the process of complying with the...

Image   Despite retailers’ continuous improvement in compliance with the Payment Card Industry (PCI) security standards, four out of five companies are still failing at interim assessments, according to Verizon’s latest report. The report highlights that the overall state of compliance grew significantly in 2014, with 20 percent of...