A Checklist for Preparing for Your Organization's Next PCI Audit

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, they must ensure they’re prepared for when auditors come knocking on their door.


Foundational Controls Make the Hard Things Easier to Do

Let’s begin with a short story. Imagine that we have two large organizations in the public sector. These entities are very similar. Both are on the receiving end of cyber threats. Both adhere to multiple compliance standards. And both need to ensure that their IT systems are functioning and working as planned. But they’re not entirely the same. Take Organization A, for example.

Master Class - PCI Compliance and Vulnerability Management for Kubernetes - 2020-05-05

This is the Rancher Master Class with NeuVector that was held on May 5, 2020. In it NeuVector talks about the challenges with PCI-DSS compliance when working with Kubernetes and presents strategies for securing containers and content, both using OSS tools and with their paid solutions.

What are the PCI DSS Security Audit Procedures?

The Payment Card Industry Data Security Standard (PCI DSS) represents an information security standard designed for organizations that store, process, or transmit credit cards and are exposed to cardholder data. The card brands themselves have advocated for the PCI standard which is administered by the Payment Card Industry Security Standards Council (PCI SSC). Given organizations are interested in compliance, many ask the question “what are the PCI DSS Security Audit Procedures”?

Demystifying PCI Software Security Framework: All You Need to Know for Your AppSec Strategy

The Payment Card Industry (PCI) Security Standards Council recently released a new security framework to replace the previous standard (PCI PA-DSS). The new framework is set to better address the changes that the software development industry has seen in the past few years. Agile and DevOps methodologies, cloud and containerized environments and widespread open source usage have become the new normal and with this, present new AppSec challenges. To ensure that users of payment apps remain safe, the new framework aims to lay a substantial value on continuous application security.

What is the UK Cyber Essentials Certification and How Can it Help Your Organization?

Cyber Essentials and Cyber Essentials Plus are UK government-backed schemes that are designed to help protect organizations against 80 percent of most common cyber-attacks. This scheme lays out five basic security controls that must be implemented in order to defend against today’s most common cyber threats. These controls are closely aligned to other notable security frameworks, including the Basic CIS Controls as well as the PCI DSS requirements.


Privacy Protections, PCI Compliance and Vulnerability Management for Kubernetes

Containers are becoming the new computing standard for many businesses. New technology does not protect you from traditional security concerns. If your containers handle any sensitive data, including personally identifiable information (PII), credit cards or accounts, you’ll need to take a ‘defense in depth’ approach to container security. The CI/CD pipeline is vulnerable at every stage, from build to ship to runtime.