PCI’s new Secure Software Lifecycle (SLC) assessment standard has been released. This new Secure SLC standard, released alongside the Software Security Framework (SSF) that we’ll talk about in a separate blog, provides a framework for assessing how payment software vendors develop and maintain secure payment software. Similar to the current Merchant and Service Provider PCI […]
Today’s QSA tip has the potential to save you a lot of time, effort, and cost associated with getting your organization into compliance with the PCI Data Security Standard (DSS). Triaxiom Security is a PCI QSA certified company who performs audits on a myriad of organizations trying to meet PCI standards. From large organizations who […]
There are several phases of a security incident that are important, but first and foremost, the identification that an incident occurred is your first opportunity to gather information and understand what is going on. It’s helpful to have a checklist that employees are aware of to take down some initial information that can help your […]
One of the questions we get most when at hiring events, conferences, trade shows, etc. is how can someone get into penetration testing or break into the industry as a penetration tester? There are many avenues to becoming a penetration tester, but today we will touch on a few strategies to help get your foot […]
In today’s blog, we are going to discuss three potential show stoppers for a QSA On-site Assessment. These all come from recent conversations with potential clients, and all three would have resulted in a failing Report on Compliance (RoC). So as a result, we thought a blog discussing what those are and what to do […]
As penetration testing continues to grow in popularity and more companies are either required to have it or are doing it as part of best practice, people are running into the problem of how to shop for penetration testing. But what makes a good penetration testing company and how do you compare companies? What should […]
