In this blog, we’re going to do a quick review of PCI DSS Requirement 12.11 and provide some strategies for service providers who need to maintain PCI compliance. As you may have guessed from context clues in the first sentence of this blog, this requirement only applies to service providers and does not need to […]
The users who are in your domain administrators group have the keys to the kingdom. With few exceptions (non-Windows systems), they can access any system and any file in your network. This includes the privacy information, HR information, and intellectual property that you are trying to protect. As such, the domain administrators group must be […]
As we continue our series of blogs hitting on some tips to help your organization maintain PCI compliance, we’re going to take a look at network documentation. When preparing for an initial PCI-related audit or trying to maintain your compliance program over time, an important part of that is your network documentation. This includes things […]
Ever wonder how companies get away with selling dirt cheap penetration tests? Odds are they are outsourcing the work to offshore engineers in other countries. I’m sure there are some great penetration testing companies that are using offshore resources and I know there are great companies that are headquartered in places besides the United States, […]
Today we’re going to tackle a consistent issue we see with companies trying to meet and maintain PCI compliance, creating evidence. When we talk about creating evidence for compliance purposes, we’re really talking about all the different ways you are proving that you are compliant. For example, it’s great that you tell me as an […]
No one likes to talk about documentation. And for good reason, it’s boring, tedious, and generally doesn’t accomplish any of your tasks or goals, it’s just ancillary support work. When it comes to PCI Compliance though, the more thorough your documentation is the easier your QSA onsite assessment will be or the more honestly you’ll […]
