Blog

  • What Is the Incident Management Life Cycle?

    Preparing for cyber incidents involves more than merely being ready to react to (and neutralize) a one-off cyber attack. It involves the ability to respond effectively, plan proactively, and defend your critical systems and data assets. To get ahead of evolving threats, and to recover thoroughly when attacks do occur, you need to be familiar with the Cyber Incident Management Life Cycle.

    Cyber incidents can run the gamut, from a simple email phishing attack to sophisticated malware or ransomware. Organizations are now investing more than ever in cyber-incident and attack preparedness, with 74% of companies saying best practices for incident prevention are their number one cybersecurity priority, followed by compliance mandates at a close second. A major part of this investment in readiness is the Incident Management Lifecycle, which lays out a framework for event management and for how companies should respond in the event of an attack, hack, or breach.

    But what exactly is the incident response lifecycle? What are the various stages in the life cycle of incident management, and what specific elements, steps, and processes do they entail? Read on to learn about the incident management lifecycle process, and how it can be used to protect your business.

  • Best Practices for Testing Your Cyber Incident Response Plan

    Although you might think that your cyber defenses are virtually impenetrable, every organization needs a plan just in case a cyber attack or breach does in fact happen. That’s exactly why you need to formulate, and continually test, a detailed cybersecurity incident response plan.

  • Navigating PCI DSS and the Cloud

    Cloud computing is an important resource for organizations of any size and has seen increasing use in recent years for payment processing. Despite the prevalence of moving cyberinfrastructure to a cloud environment, many organizations fail to properly assess if and how they will be able to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) when their cardholder data environment (CDE) exists entirely in the cloud. Understanding how to maintain PCI DSS compliance when utilizing cloud services is essential for the numerous modern organizations that rely on the scale and convenience that cloud services provide.

    In this article, we’ll break down some important considerations for organizations that are looking to maintain PCI compliance when storing credit card data in the cloud. To provide some context, we’ll outline what cloud computing is, describe some of its advantages, and explore some of the challenges of meeting the requirements of PCI DSS regulations when your CDE has either partially or fully cloud-based services.

  • What is a Token Service Provider?

    When it comes to ensuring that only authorized personnel are allowed into systems remotely, one of the best ways is to use a token. When it comes to keeping Credit Card Holder Data protected, one of the best solutions is tokenization. Many options exist for token use as well as for tokenization. We will discuss the basics of tokens, tokenization, and token service providers (TSPs) below.

  • Upcoming PCI Programs And Changes

    The Payment Card Industry Security Standards Council (PCI SSC) releases regular updates to existing programs and creates new programs on an ongoing basis as security needs change. Staying abreast of the changes to PCI programs is essential to maintaining PCI compliance over time. Understanding what new programs are being created and how those programs might affect your operations is also important, as the creation of new PCI programs can impact security implementations in a variety of ways.

  • California’s New Cybersecurity Regulations: Internet Of Things Law

    What do smart fridges, helpful robots, and Amazon’s Alexa all have in common? The Internet of Things (IoT). Even if you aren’t already well acquainted with the IoT, you have most likely heard of it in passing. The IoT’s elusive and ever-changing nature makes the concept difficult to define. Likewise, many cyber experts explain it in a different way, a fact that slows legislation regarding IoT security. Yet, with Gartner Inc. estimating society will utilize 20.4 billion connected devices by 2020, it’s imperative that IoT security awareness increases. Did you know that California just passed Internet of Things legislation to improve cybersecurity? Find out more with this helpful article.

  • Protecting Telephone-Based Payment Card Data

    Protecting payment card data is essential in all environments, including when card data is taken over the telephone. Areas of organizations that interact with sensitive data in a telephone-based environment are particularly susceptible to fraud or theft of cardholder data. As such, protecting telephone-based payment card data is essential for all businesses that conduct transactions over the phone.

  • What Is PAN Data And Why Is It Important?

    The act of storing primary account numbers (PANs) has already had a profound effect on network security for a plethora of organizations. Massive data breaches have ensued over the years based on companies choosing to store PANs on their servers for ease of access.

    Many companies that have suffered a data breach cite consumer convenience as their reason for storing PAN data on their network. Companies that use this excuse are also not Payment Card Industry Data Security Standard (PCI DSS) compliant, as the PCI DSS requires that merchants never store track data, for any reason.

  • How to Build an Effective Vulnerability Management Program

    Vulnerabilities can wreak havoc on your network if you don’t take the necessary precautions to combat them. Having a robust cybersecurity program in place that is focused on vulnerability management can help your organization stay on top of potential security risks before they happen.  

  • What Is Patch Management?

    Security measures are never foolproof. No matter how many precautions companies and users take, threat actors always find a new point of entry to exploit. Identifying and fixing vulnerabilities requires time, and there lies one of the greatest challenges — deploying sound fixes within a tight time constraint.
