Malware is an ever-present, if sometimes forgotten, threat to our IT systems. We tend to think that anti-malware and other security measures have effectively blocked out the threats of old worms and viruses. The real threat is against network and application security. However, hackers always look to launch malware into compromised systems to listen, learn, and steal information. 

The fifth requirement of PCI DSS 4.0 is all about protection against malware. IT systems handling PAN or other cardholder information must have specific anti-malware security measures to mitigate these threats and ensure that they haven’t made their way into protected system resources. 

Read More

As we move through the requirements of PCI DSS 4.0, we’ve reached the point where the standard specifies what it means to protect data as it moves through and outside of private and public networks. 

Encryption seems like a no-brainer, but in many cases, organizations have no idea how to manage their encryption approach properly. Key management, minimum strength, and application points can be challenging to juggle without understanding how it fits into the bigger picture. 

Here, we’ll discuss the fourth requirement of PCI DSS 4.0 and what it says about in-transit encryption.

Read More