Timeline for PCI DSS 4.0: The Fourth Requirement and In-Transit Encryption


As we move through the requirements of PCI DSS 4.0, we’ve reached the point where the standard specifies what it means to protect data as it moves through and outside of private and public networks. 

Encryption seems like a no-brainer, but in many cases, organizations have no idea how to manage their encryption approach properly. Key management, minimum strength, and application points can be challenging to juggle without understanding how they fit into the bigger picture.

Here, we’ll discuss the fourth requirement of PCI DSS 4.0 and what it says about in-transit encryption.

 


What Is the Europrivacy Hybrid Certification Model?


GDPR has needed a centralized assessment and certification model for some time now. Still, with the plethora of certifications and standards covering different business contexts, there has yet to be a single approach that has risen to the top of the heap. However, the governing bodies of GDPR have authorized the new Europrivacy standard to forgo this certification balkanization in favor of a new, hybrid process.

 


What Is NIST Special Publication 800-115 and What Does it Say About Penetration Testing?


As technology advances, the need for effective cybersecurity measures becomes increasingly important. The necessity for regular testing, including penetration testing, has raised awareness of best practices and standards for such assessments.

The National Institute of Standards and Technology (NIST) has developed comprehensive guidelines and standards to help organizations safeguard their information systems from cyber threats. Among these guidelines is NIST 800-115, a guide for conducting penetration testing on information systems.

This article will explore the fundamental principles of NIST 800-115 and the benefits of conducting penetration testing according to its guidelines. We will also discuss how organizations can use the information gathered from penetration testing to improve their cybersecurity. Organizations can better protect their systems and data from cyber threats by following the recommendations outlined in this guide.

 
