Articles

PCI Compliance Gotcha: Directing Customers to Labs/Kiosks

Many merchants use third-party payment systems or gateways for online payment card processing, often at the direction of their PCI Team, as this is an excellent way to reduce the organization’s PCI scope and push the majority of the responsibility to the vendor. However, it is important to remember that customers should always be completing these payments online using their own personal devices.

NIST SP 800-171 Series: Security Assessments

In our continuing series highlighting the controls from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2, we turn our focus to Requirement 12, Security Assessment, which requires a periodic assessment of the security controls in organizational systems to determine if the controls are effective in their application.

Proper MFA Configuration and PrintNightmare

The Lifecycle of Third-Party Vendor Management and Security Assessments

More and more organizations are continuing to outsource and fulfill needed services with third-party partners and cloud service providers. Unfortunately, this increasing reliance on third parties can also increase the organization's exposure to risk, and we continue to see more breaches of third-party systems. Attackers are targeting technology providers with direct access to multiple customers rather than trying to compromise customer systems individually.

“a lack of compliance could mean nothing at all – until a data breach occurs”

While private businesses research and invest millions of dollars into the latest cybersecurity measures to avoid data breaches, organizations in other industry sectors still need to catch up.

Data Privacy: Compliance Doesn’t Equal Security, But What About Privacy?

Data Privacy, or information privacy, typically refers to the ability of an individual to determine how, when, and to what extent their personal information can be shared. Privacy is the protection of personal data from unauthorized access, as well as the right to control how that data is stored, collected, and disclosed.

Cybersecurity Tabletop Exercises for Leadership Teams

This year security experts predict a continued increase in the severity and volume of ransomware attacks.

PCI DSS: Maintaining an Asset Inventory

When it comes to monitoring and maintaining your CDE, one of the most important factors is ensuring you have an up-to-date inventory of all assets.

Risk Assessment

Part 11 of CampusGuard’s series covering each of the critical controls from NIST SP 800-171 Rev. 2.

GLBA Safeguards Rule Updates

In response to the continued increase in cyberattacks, ransomware, and data breaches, the Federal Trade Commission (FTC) recently announced new information security requirements for institutions subject to the Gramm-Leach-Bliley Act (GLBA). Organizations are being encouraged to assess their current information security programs now and structure the necessary plans to achieve compliance with the amended requirements.

PCI Training

What is not explained within the DSS is exactly what the awareness training program is required to cover.
What should your organization’s PCI Training program cover?

Ecommerce Payment Card Fraud: Carding

With COVID-19 pushing more and more consumers towards online shopping, cybercriminals have been quick to follow. In fact, ecommerce or online payment fraud is expected to cost online retailers over $20 billion in 2021.
