Regardless of the security or compliance framework you are mapping to, there will always be an established set of requirements stating that your business must have documented policies, procedures and standards in place. In this post I will clarify the difference between the three, and … Read more
Guest post by Ashley Halsey If you have a website where you sell products or services, you will need to understand PCI compliance to avoid hefty fines for non-compliance. In this article, we will take a look at what PCI compliance is and why you … Read more
You’ve just been informed that your small business needs a firewall for PCI compliance. If you have no idea what that is and why your small business would even need a PCI-compliant firewall, then you’ve come to the right place. What is a PCI-Compliant Firewall? … Read more
A few weeks ago I was talking with one of my coworkers about the whole security vs compliance conversation. Up until then, I held the premise that compliance does little for security. In retort to my statement he asked the rhetorical question, “Where would these … Read more
The PCI DSS self-assessment questionnaire can be challenging for non-technical people, especially when you don’t understand the different terms floating around inside it. “Qualified Integrator and Reseller” is one of those terms that is known to throw merchants for a loop. The PCI DSS question … Read more
Excerpted from the ControlScan white paper, “Terminal Encryption for Security and PCI Compliance.” When the PCI Security Standards Council (SSC) released the first version of the PCI Point-to-Point Encryption (P2PE) standard in 2011, its goal was to help merchants obtain a path to compliance that … Read more