Blog

  • Protecting System Components in CDE through Encryption

    Encrypting your cardholder data environment (CDE) is of paramount importance if you're keen on not just protecting your customers' card data, but also safeguarding your organization's data security. If your company handles any amount of credit card information, it must comply with the PCI DSS (Payment Card Industry Data Security Standard).

    (more…)

  • Performing Regular Testing, Risk Analysis, and Addressing Risks

    Consistently testing and quickly addressing risks to your network security system is not just one of the common security controls that can be overlooked; it is imperative to effective and safe performance. If your company's security system does not receive the necessary updates to its infrastructure, it can be potentially devastating for your organization.

    Not being on top of these essential tasks can open the door to a myriad of cyber security threats from internal and external sources that could take years to recover from. However your business plans to approach security system testing, you should make sure your efforts fall in line with Payment Card Industry Data Security Standard (PCI DSS) requirements. (more…)

  • PCI Compliance Firewall Requirements (PCI DSS Req. 1)

    With the rise of credit cards and online banking, financial theft has gradually shifted away from physical bank robberies to electronic payment fraud. Although payment cards facilitate convenient financial transactions for society, they also offer an ideal opportunity for threat actors to remotely steal a person's identity or breach a company's information database. While all cybersecurity solutions are important, we want to first dive into how to increase your security across the payment card industry.

    (more…)

  • Developing a Cybersecurity Policy for Incident Response and Prevention (PCI DSS Req 12.1)

    We're not even midway through 2018, and this year has already seen some of the most high-profile companies and brands fall victim to potentially malicious cyber attacks. Delta Airlines, Sears, and Panera Bread are just a few examples of high-profile companies that have had to contend with data breaches and unauthorized access by outsiders so far this year.

    (more…)

  • Protect Cardholder Data With Antivirus Software

    What is Antivirus Software?

    Let's face it, we are living in a highly technical age. Computers and digital technology surround us, and the cell phones that fit in our pockets have turned into full-blown portable computers. There have been threats to computers just about as long as computers have been around. The first antivirus (AV) software was used to protect against just that, a computer virus. The name remains today, but there are far more malicious tools out there than viruses. Modern anti-virus software protections can include shields against trojan horses, worms, spyware, adware, and rootkits, and can sometimes include guards against phishing.

    (more…)

  • How to Keep Data Secure for Cardholders (PCI DSS Req. 3)

    The Payment Card Industry (PCI) is a coalition of credit card companies including American Express, Discover, MasterCard and Visa. Non-compliance with the 12 requirements specified in the PCI Data Security Standard (DSS) puts your company at greater risk of a future data breach that comes with a steep financial cost, as evidenced by the plethora of well-publicized data breaches last year alone. Of the 12 PCI DSS requirements, it was found that 79% of failed PCI Compliance assessments were in non-compliance because of not being able to protect cardholder data via requirement 3. That's huge.

    (more…)

  • Does a QSA need to be onsite for a PCI DSS assessment?

    Keeping cardholder data safe and secure is an important part of your business as well as an agreement with your payment card brands and acquirers in order to accept credit card payments. Compromised data has a negative impact on everyone involved. Protecting data can help:

    • Improve customer relationships
    • Increase overall profitability in any program
    • Prevent damage to your business’s reputation

    This blog is part of our series of articles that will address frequently asked questions and provide a comprehensive guide on PCI DSS requirements and compliance.

    Before we talk about the QSA and the on-site assessment process for PCI compliance, here's a quick recap of the basics of PCI DSS.

    (more…)

  • Restricting physical access to cardholder data (PCI DSS Req. 9)

    Credit cards hold a remarkable amount of cardholder data. If that data were to fall into the wrong hands, it could ruin a person's life. Now, imagine your company has a database of millions of credit cards, each unique to its cardholder. If that database were to be remotely breached via a phishing scam or hack, your entire database of payment cards could be stolen in the blink of an eye. In 2012 alone, attackers posing as legitimate service people substituted the payment devices and subsequently compromised three large retailers. It was found that 39% of organizations had been breached through insecure remote access (which was the single largest origin of compromise that organizations encountered).

    (more…)

  • Are you ready for GDPR enforcement?

    The European Union's new data protection law, the General Data Protection Regulation (GDPR), went into effect on May 25th, 2018. The GDPR is a broad and substantial regulatory change meant to create uniform standards by which users' personally identifiable information (PII) is stored, transmitted, and protected against theft. Many companies may be bound by the GDPR and not realize it. As such, they are at risk of being found non-compliant with the GDPR, which can incur significant fines. In this article, we'll outline who is covered by the GDPR and explore the penalties that businesses can incur by being found non-compliant. The GDPR sets a high bar for compliance, and may require businesses to significantly change what types of data they store and how that data is stored. As such, a GDPR risk assessment or GDPR readiness assessment conducted by a qualified security assessor is essential to identifying areas of non-compliance and creating a comprehensive GDPR-compliant data management system going forward.

    (more…)

  • What are GDPR Recitals?

    The General Data Protection Regulation (GDPR) was recently adopted in the European Union but has far-reaching consequences for businesses operating around the world. The GDPR was crafted and adopted with the intention of creating a durable body of regulations that govern what personal data can be collected from individuals in the EU, and how that data is processed, transmitted, and stored. The rollout of the GDPR has confused many businesses that are based outside of the European Union, who may not realize that they fall under the jurisdictional scope of the GDPR. Also confusing is the structure of the regulation, which has been crafted to adhere to standards consistent with the Court of Justice of the European Union. In this article, we'll work to bring some clarity to the discussion regarding the GDPR. In particular, we'll outline the basics of what the GDPR is, who is covered by it, and whether your company should consider outsourcing your efforts to achieve GDPR compliance.

    (more…)