PCI DSS version 3.1 released!
April 15, 2015, Matt Getzelman, PCI Practice Director
As expected, a “minor” revision to the PCI DSS 3.0 standard (now version 3.1) was released by the PCI SSC today to address the vulnerabilities exposed by the POODLE and BEAST browser attacks. PCI DSS 3.1 primarily addresses the insecure use of SSL as an encryption protocol within a Cardholder Data Environment (CDE). In response, the SSC has updated PCI DSS requirements 2.2.3, 2.3 and 4.1 to remove any references that cite SSL 3.0 and early versions of TLS 1.0 as examples of strong cryptography.
Where is your social security number today?
April 14, 2015, Leslie Kaniecki, CPA/CGMA
As April 15 approaches, the “water cooler” talk revolves around all types of topics related to the tax season. However, due to the overwhelming number of security breaches reported this past year, several individuals are finding that fraudulent tax filings were created using personal information they had voluntarily provided. You can prevent this.
Optimizing Credit Card Compliance (PCI) and SOC2 Service Provider Audits
April 09, 2015, Carlos Pelaez, Director of Business Development
With the number of breaches in the news, companies processing credit cards may be interested to know how much overlap there is with a SOC2 service provider audit. PCI and SOC2 are two common compliance areas that many service providers purchase. With a new third-party tool provided by the Unified Compliance Framework (UCF), called Common Controls Hubs, companies can identify the common controls and prepare for multi-compliance audits.
The Future of Healthcare Cybersecurity: The Best Defense is a Good Offense
March 20, 2015, Andrew Hicks, Director, Healthcare Practice Lead
In the last five years, with the increasing digitalization of health information, healthcare security breaches have increased four-fold, with the industry experiencing more breaches than any other in 2013. With a large number of potential targets and the high value of personal medical information on the black market, healthcare organizations will continue to be increasingly appealing targets.
COSO Framework for Service Organizations and SOC Reporting (Part 2 of 3)
March 06, 2015, Jamie Kilcoyne, Managing Director, Coalfire Controls
Every SOC report (whether it is a SOC 1, SOC 2 or SOC 3) should include information about the service organization’s risk assessment process. Risk assessment can take many forms and there is no “one size fits all” format. Risk assessment is intended to be an evolutionary process, designed to meet the specific needs of individual companies.