The Payment Card Industry Security Standards Council (PCI SSC) recently released a new document guiding targeted risk analysis. This approach to security is a cornerstone of the PCI DSS 4.0 update, and yet, for many businesses, this is something new that they may need help understanding.
This article will discuss Targeted Risk Analysis, its role in PCI DSS 4.0, and how your organization can consider implementing these measures as part of their compliance efforts.
We’ve often focused on security and maintenance from the perspective of technology itself–specifically, how it is deployed and used by individuals in the real world. But, the truth is that assessments of security technologies don’t start when an enterprise deploys them. Rather, in cases of tech like cryptography modules and biometrics, it begins in the lab that creates them. And that’s where the National Voluntary Laboratory Accreditation Program comes in.
This article discusses NVLAP and its vital function in enhancing the credibility of laboratories involved in testing and calibration. This includes using third-party assessment and rigorous standards to govern how labs protect and assure the products they produce.
Modern enterprise relies increasingly on a complex network of vendors and service providers to handle their infrastructure. From security and cloud computing to applications and logistics, these providers will often take the most important data that the enterprise generates or processes.
That’s why organizations must look at their vendors with more scrutiny. For example, getting involved with vendors that adhere to SOC 2 standards is a solid way to ensure that these providers maintain proper data security practices.