Tag: PCI compliance

NIST Recommendations for Security in the Outsourced Cloud

NIST (The National Institute of Standards and Technology) provides a number of recommendations addressing security and privacy issues with outsourcing cloud hosting services in its Guidelines on Security and Privacy in Public Cloud Computing published last December: Governance NIST refers … Continue reading

Posted in Cloud Computing, HIPAA Compliance, PCI Compliance

Two-Factor Authentication to Meet HIPAA and PCI Compliance

What is Two-Factor Authentication? The simplest example may be the use of an ATM/debit card – this combines two factors; one is something you own (the card) and the other is something you know (the PIN number). Employees and other … Continue reading

Posted in PCI Compliance

Global Payments Inc. PCI Data Breach Affects 1.5 Million

Nearly 1.5 million consumers have been hit by a major credit card hack – a statement by Global Payments Inc. reports that credit card numbers may have been exported by hackers with access to its payment processing system. Global Payments … Continue reading

Posted in PCI Compliance

PCI Compliance with Service Providers

The PCI sub-requirements and testing procedures 12.8-12.84 concern the relationship between merchants and their service providers, including PCI compliant hosting providers. The sub-requirements fall under the main requirement #12: Maintain an Information Security Policy – meaning a merchant must maintain a … Continue reading

Posted in PCI Compliance

PCI Compliance Status & Data Breaches

Only 21 percent of organizations were found to be fully PCI compliant during their first assessment of attestation in the Verizon 2011 Payment Card Industry Compliance Report, showing only a 1 percent increase since their 2010 report (statistics based on … Continue reading

Posted in PCI Compliance

Mobile Security: Are Most Apps Safe?

With smartphones and social media platforms becoming a major means of communication between friends, family and co-workers, we have come to appreciate the evolution of mobile applications. With over 500,000 apps on iPhone, 350,000 on Android and thousands more on … Continue reading

Posted in HIPAA Compliance, PCI Compliance, SAS 70/SSAE 16/SOC

Guide to PCI Compliance Levels & Merchant Types

Do you know what level of PCI (Payment Card Industry) compliance your company falls under? Or even what merchant type best categorizes your payment process? Here’s your guide to the four different levels of PCI compliance as mandated by the … Continue reading

Posted in PCI Compliance

Recent Data Breaches Exemplify the Importance of PCI Compliance

Stratfor, the latest target of hackers, lost credit cardholder data in December that was released to the public later that month. The data belonged to thousands of customers, including politicians, military officers, government officials and business executives. Stratfor is a … Continue reading

Posted in PCI Compliance

Data Breach Results in Email Marketing Spam

Just before the New Year, I received a strange email that appeared to be sent from the New York Times regarding my account. But the email referenced renewing my home delivery subscription, which I don’t have – I only have … Continue reading

Posted in HIPAA Compliance, PCI Compliance

Data Center Standards Cheat Sheet: From HIPAA to SOC 2

With the confusion regarding what audits and auditor reports apply to certain aspects of data center standards, I felt the need to create a basic data center/hosting solution audit cheat sheet to simplify matters. Here’s your comprehensive guide to data … Continue reading

Posted in HIPAA Compliance, PCI Compliance, SAS 70/SSAE 16/SOC