The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, […]
PCI’s new Secure Software Lifecycle (SLC) assessment standard has been released. This new Secure SLC standard, released alongside the Software Security Framework (SSF) that we’ll talk about in a separate blog, provides a framework for assessing how payment software vendors develop and maintain secure payment software. Similar to the current Merchant and Service Provider PCI […]
Today’s QSA tip has the potential to save you a lot of time, effort, and cost associated with getting your organization into compliance with the PCI Data Security Standard (DSS). Triaxiom Security is a PCI QSA certified company who performs audits on a myriad of organizations trying to meet PCI standards. From large organizations who […]
There are several phases of a security incident that are important, but first and foremost, the identification that an incident occurred is your first opportunity to gather information and understand what is going on. It’s helpful to have a checklist that employees are aware of to take down some initial information that can help your […]
One of the questions we get most when at hiring events, conferences, trade shows, etc. is how can someone get into penetration testing or break into the industry as a penetration tester? There are many avenues to becoming a penetration tester, but today we will touch on a few strategies to help get your foot […]
In today’s blog, we are going to discuss three potential show stoppers for a QSA On-site Assessment. These all come from recent conversations with potential clients, and all three would have resulted in a failing Report on Compliance (RoC). So as a result, we thought a blog discussing what those are and what to do […]
