After discussing a number of the other Self Assessment Questionnaires (SAQs) that merchant organizations may need to complete for PCI DSS compliance, we have finally reached the peak if you’re a merchant. This final SAQ for merchants (we’ll cover D for service providers soon) is the catch-all that applies to any organization that isn’t able […]
Passwords are commonly one of the biggest weaknesses we find when performing a penetration test. It seems that no matter what password policy you have in place, users will still use Comany123, Spring2019, or a keyboard pattern for their password. An attacker can easily guess these and gain access to sensitive resources or even your […]
A penetration testing proposal or quote for penetration testing services serves two primary purposes. The first, obviously, is to provide a price for the requested services and clearly define the scope that those services will cover. Second, and maybe less obvious, is that a proposal acts as your first chance to begin vetting the penetration […]
We’re back again to discuss another SAQ in our series covering the different SAQs that an organization can complete to meet PCI DSS requirements. This decision is an important one, as your applicable SAQ will increase or decrease the number of requirements that you need to address (which equates to cost) as well as the […]
The 2013 Target data breach is one of the most infamous attacks in the past decade. Attackers gained access to the point-of-sale (POS) terminals and stole the credit card information for up to 40 million customers during the peak of the 2013 holiday season. This attack cost Target over $300 million dollars in actual expenses, […]
We come back to our series covering the different SAQs that an organization can complete to meet PCI DSS requirements. This decision is an important one, as your applicable SAQ will increase or decrease the number of requirements that you need to address (which equates to cost) as well as the scope of systems that […]
In 2018, the last two states (Alabama and South Dakota) passed data breach laws. This means that as of January 2019, all 50 states now have a data breach notification laws requiring businesses to report data breaches affecting their organization. Similarly, a number of states (like New York did for financial companies) are beginning to […]
As we continue discussing the different SAQs that organizations complete, we’re going to cover another very specific merchant SAQ today. Merchants that use (point-of-interaction) POI terminals connected directly to the Internet and their payment processor can complete an SAQ B-IP, as of PCI DSS version 3.0 (February 2014). We’ll cover which merchants can use this […]
The first time getting any type of penetration test as an organization can be intimidating. You’re not sure about the process, you’re not familiar with the company doing the testing, and you may not even be sure on what success looks like. Today, we’ll explore 5 tips for your first penetration test to help you […]
In today’s blog, we are going to explore the concept of a Demilitarized Zone (DMZ) in computer networking. Specifically, what is a DMZ and what does it protect your organization from? Second, we will explore what makes a DMZ so important and why so many compliance regulations require one. With that, let’s jump right into […]
