In this blog post, we will cover the vulnerability scan requirements of the Payment Card Industry Data Security Standard (PCI DSS). Adopting these requirements helps ensure that your environment is not only compliant with PCI DSS but also follows security best practices. The resulting vulnerability data also gives you a deeper understanding of your environment and of where time and attention need to be spent.
While credit and debit cards are extremely convenient, they've also opened up a whole new world of fraud. This makes the systems that retailers use to process these payments seem like great targets for hackers, and organizations from every corner of the globe are scrambling to secure themselves against these threats.
One big response to this has been the Payment Card Industry Data Security Standard. PCI DSS is not a law but an industry standard, maintained by the PCI Security Standards Council and enforced contractually by the card brands and acquiring banks, that tells companies how to defend the systems that store, process, or transmit card data against attacks aimed at stealing it. It's an important tool in the fight against fraud and should be followed closely.
Due to the fact that credit and debit card data can be used to anonymously purchase goods and transfer money online, this information has become highly sought after in the criminal underworld. Hackers are compensated generously for gaining access to these cards, and are therefore motivated to break into the systems that hold them.
But exactly how do these individuals go about getting a hold of this information? Let's dive in:
If your organization is subject to PCI DSS 3.2, you're likely aware of the looming deadline mandating the migration away from SSL and early TLS (TLS v1.0) to a "secure" version of TLS as defined by NIST, which at the time of the bulletin meant v1.1 or higher. The PCI Security Standards Council previously released a bulletin on the migration to explain the reasons for the change and the steps that are necessary. While the Council has extended the compliance deadline, there are very real reasons not to wait: the protocols are being retired because of known weaknesses, not because of the calendar. Note also that the v1.1 floor has since moved; RFC 8996 deprecates both TLS 1.0 and TLS 1.1, and current NIST guidance (SP 800-52 Rev. 2) requires TLS 1.2 or higher, so TLS 1.2+ is the sensible migration target rather than the bare minimum the original deadline asked for.
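The practical question after the migration is whether your servers actually stopped accepting the old protocols. The following probe, added here as an illustration and not code from the original post or from EiQ, pins a client-side handshake to one TLS version at a time and records which versions the server will negotiate, then assesses the result against the requirement. The host and port are whatever you point it at; the sample results in the assessment are constructed for illustration.

```python
"""Probe which TLS protocol versions a server negotiates and assess the
result against the PCI DSS requirement to disable SSL and early TLS.

Added example for this post; not part of the original page or EiQ tooling.
"""
import socket
import ssl
import sys
from typing import Dict, List, Optional

# Versions to test, oldest first. SSLv2/SSLv3 cannot be selected through
# ssl.TLSVersion on modern Python builds, so they are not probed here.
CANDIDATES = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]

# "Early TLS" as PCI DSS 3.2 calls it, plus TLS 1.1, which RFC 8996 and
# NIST SP 800-52r2 have since deprecated as well.
LEGACY = {"TLSv1.0", "TLSv1.1"}
MODERN = ("TLSv1.2", "TLSv1.3")


def probe_version(host: str, port: int, version: ssl.TLSVersion,
                  timeout: float = 5.0) -> Optional[bool]:
    """True if the server completes a handshake pinned to `version`,
    False if the server refuses it, None if *our* TLS library cannot even
    offer it (so the result says nothing about the server)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol negotiation matters for this probe, not identity.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Python 3.10+ emits a DeprecationWarning for versions below 1.2;
        # that is expected here, we are deliberately offering them.
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError:
        return None  # OpenSSL built without this protocol version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except ssl.SSLError as exc:
        # OpenSSL at security level >= 2 refuses to offer TLS < 1.2 at all;
        # that is a local limitation, not a verdict on the server.
        if "no protocols available" in str(exc).lower():
            return None
        return False
    except OSError:
        return False


def probe_host(host: str, port: int = 443) -> Dict[str, Optional[bool]]:
    """Map each candidate version name to the probe result for host:port."""
    return {name: probe_version(host, port, ver) for name, ver in CANDIDATES}


def assess(results: Dict[str, Optional[bool]]) -> List[str]:
    """Turn a {version: True/False/None} map into findings. Pure function,
    so it can be exercised without a network using constructed results."""
    findings = []
    for name in sorted(LEGACY):
        state = results.get(name)
        if state is True:
            findings.append(f"FAIL: {name} accepted; it must be disabled")
        elif state is None:
            findings.append(f"UNVERIFIED: {name} could not be offered by the "
                            "local TLS library; retest from a host that can")
    if not any(results.get(n) for n in MODERN):
        findings.append("FAIL: neither TLS 1.2 nor TLS 1.3 was negotiated")
    return findings


def verdict(results: Dict[str, Optional[bool]]) -> str:
    """Collapse findings to PASS, FAIL, or UNVERIFIED (FAIL wins)."""
    findings = assess(results)
    if any(f.startswith("FAIL") for f in findings):
        return "FAIL"
    if any(f.startswith("UNVERIFIED") for f in findings):
        return "UNVERIFIED"
    return "PASS"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    res = probe_host(target, port)
    for name, state in res.items():
        print(f"{name:8s} {'accepted' if state else 'refused' if state is False else 'not offered locally'}")
    print(verdict(res), *assess(res), sep="\n")
```

Run it against each in-scope listener (`python tls_probe.py payments.example.internal 443`). An UNVERIFIED result is worth taking seriously: a hardened scanning host whose OpenSSL will not speak TLS 1.0 cannot prove that your server refuses it, so run the probe from a box that can, or confirm with your ASV scan report.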
Banks, credit unions, and other financial institutions face major challenges when protecting financial data in today’s threat landscape. In addition to protecting consumer data and financial records, IT security teams also deal with auditing mandates for GLBA, FFIEC, SOX, PCI, and a patchwork of federal, state, and other industry regulations. In 2014, the Federal Financial Institutions Examination Council announced a new effort focusing on cyber security, including an audit of an organization’s ability to manage cyber security and mitigate cyber risk. The task of monitoring thousands of network and system events can seem overwhelming. EiQ’s SOCVue® hybrid SaaS security services help overcome these challenges by providing the right people, process, and technology in order to deliver increased security visibility and guidance to effectively reduce cyber risks and meet compliance requirements.
According to Forrester Research, mobile payments accounted for $52 billion of U.S. transactions in 2014—and the figure is expected to increase to $142 billion by 2019. Furthermore, eMarketer predicts that mobile wallets (such as Android Pay, Samsung Pay, and Apple Pay) will become a standard feature on new smartphones, with merchants eager to accept payments from them.
But the increased prominence of mobile payments also means new security threats—here's what you need to know.
We’ve been having a lot of conversations recently with banks and financial organizations about not only meeting GLBA and PCI DSS requirements, but also making sure they are prepared for FFIEC examinations. On the heels of the release of the FFIEC Cybersecurity Assessment Tool this summer, financial organizations are recognizing shortcomings and gaps in their current security processes and systems and looking for ways to correct them within the constraints of limited budgets, time, and other resources.
Continuous security monitoring has become the new norm for employers as they battle today's growing cyber security threats. Not only do they have to worry about threats from the outside, they have to be concerned about internal risk from employees as well. With so much to do in IT security already, how can employers alleviate some of the burdens? Working with EiQ Networks is an optimal way to resolve your company's IT security concerns because we have the right people, process, and technology in place to make it happen.
How long should you keep event logs? Before you can answer that question, you need to answer the question “why am I keeping event logs in the first place?”
For compliance reasons
The most common answer: organizations often use log management tools to comply with regulations. If you keep logs for compliance reasons, consult the specific requirements that apply to your industry; for example, PCI DSS requirement 10.7 calls for at least one year of audit trail history, with a minimum of three months immediately available for analysis.
In recent weeks several major retail chains (Target, Kmart, Home Depot) have announced security breaches, with more certainly under attack. These types of attacks are hardly new, just new to retail, and retailers are struggling to maintain consumer confidence and respond to new security requirements. It’s important to remember that breaches occur on an ongoing basis. The headlines focus on the substantial breaches, but we think the reality is that most organizations have incidents of all kinds on a regular basis, whether that's a lost laptop with personal information or a box of paper records that goes missing.