Tips

Tips

Audit and compliance planning

• PCI DSS 2.0 and virtualization compliance for SMBs

  PCI DSS 2.0, which debuts this month, includes key changes for SMBs in the areas of virtualization and vulnerability assessments. Expert Mike Chapple details the changes and explains what midmarket firms must do to comply.  Continue Reading

• PCI DSS requirement: Building and maintaining a secure network

  The first PCI focus area requires a set of documented configuration standards, perimeter and endpoint protection.  Continue Reading

• Five things to do before your first PCI DSS compliance audit

  Put these steps in motion before your organization's first PCI DSS compliance audit.  Continue Reading

• PCI DSS: Writing an information security policy

  The final set of PCI requirements relates to maintaining a security policy, and also addresses awareness training, personnel screening and managing service provider relationships.  Continue Reading

• PCI DSS requirement: Monitoring and testing security

  The fifth focus area of PCI-DSS requires regular monitoring of systems and activity, as well regular testing of controls.  Continue Reading

• PCI DSS requirements include strong access control procedures

  The fourth focus of PCI DSS requirements governs how organizations enable and restrict access to cardholder data and limit physical access to cardholder data.  Continue Reading

• PCI DSS requirement: Protect cardholder data

  The second PCI DSS focus area spells out how organizations must secure cardholder data they store and transmit.  Continue Reading

• Considerations for encryption and compliance

  It's often thought that a wide-ranging encryption implementation can prevent data loss and satisfy compliance mandates. Reality, of course, is more complex. Contributor Trent Henry discusses the pros and cons of various encryption strategies, as ...  Continue Reading

• Consider a compliance-driven security framework

  Midmarket companies bound to regulations such as PCI DSS, HIPAA and Sarbanes-Oxley should consider using these requirements as the basis for their security programs.  Continue Reading

• Preparing for a network security audit starts with monitoring and remediation

  Security professionals each have their own way of getting ready for their annual network security audit. All too often, IT teams rush around and make last-minute adjustments to their configurations and processes. Clever security folks, however, ...  Continue Reading