What to Expect in the PCI 3.2 Update
April 04, 2016, Shawn Shifflett, CISSP, QSA, Senior Practice Director, PCI
A preview of new requirements and guidance expected later this month from the Payment Card Industry Security Standards Council was announced Thursday. The PCI DSS 3.2 version represents the first update to the standard that the Council has released since 3.1 in April 2015 and 3.0 in November of 2013.
What You Need to Know From the Cybersecurity Act of 2015: Part One
January 19, 2016, Rick Link, Managing Director
On Dec. 18, 2015, President Obama signed into law an omnibus spending bill that included the Cybersecurity Act of 2015 (“The Act”). The Act was a compromise of cybersecurity information sharing bills that passed the House and Senate earlier in 2015. It creates a voluntary process for sharing cybersecurity information and is intended to encourage public- and private-sector entities to share cyber-threat information. The Act is controversial, as the active sharing of information between and among the Federal Government and private sector entities does not currently occur routinely or effectively.
PCI Council Gives Merchants Reprieve on PCI 3.1 Updates
January 07, 2016, Shawn Shifflett, CISSP, QSA, Senior Practice Director, PCI
The Payment Card Industry Security Standards Council (PCI SSC) released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended.
2016 Cybersecurity Predictions
December 10, 2015, Larry Jones, CEO
The lessons learned from this past year teach us that no one is immune to cyber threats. The sooner corporate boards and executives come to understand that cybersecurity breaches are a very real and pervasive threat, the sooner the hard work can begin to take preemptive measures and prepare an appropriate response and recovery strategy.
Highlights from the HITRUST Health Industry Third Party Assurance Summit
November 19, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director
On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced that several massive payer organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group, will require their business associates to obtain CSF certification. While this is old news, HITRUST assembled more than 350 business-associate attendees at the “Health Industry Third Party Assurance Summit: Driving Efficiencies and Compliance through the HITRUST Assurance Program” last Friday as a way for business associates to (1) better understand the reasons for the mandate, (2) understand the journey to CSF certification, (3) interact with CSF Assessor organizations (such as Coalfire), and (4) learn about current initiatives underway at HITRUST.