PCI DSS ASV scanning explained for dummies

Organizations across the globe are increasingly adopting PCI DSS to demonstrate that they securely store payment card data. The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements laid down by the PCI SSC (PCI Security Standards Council). Over the years, PCI DSS has become a reasonably expected compliance …

How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization identify vulnerabilities …

HITRUST Compliance for Dummies

HITRUST stands for Health Information Trust Alliance. This alliance has defined and established a CSF (Common Security Framework). This framework can be used by organizations that access, store, create, or exchange either regulated or sensitive data. The framework has a set of prescriptive controls that harmonize the requirements of many standards and regulations in one place. Background Story …

PCI DSS Compliance for SaaS Companies – An Overview

An increasing number of Software-as-a-Service (SaaS) providers are now involved in the transmission and storage of cardholder data. While they may not actually be processing the data, merely storing or transmitting it brings such SaaS providers within the scope of PCI DSS compliance. In this article, we explore what PCI DSS compliance means for …

NIST Cybersecurity Framework Compliance

The first version of the NIST Cybersecurity Framework was published in 2014, and it was updated for the first time in April 2018. Although there have not been any substantial changes, there are a few new additions and clarifications. Appendix A of this framework is often called the Framework Core; it is a twenty-page document that lists five functions: Identify, …

HIPAA and Penetration Testing – Part II

In the first part of this article, we briefly discussed the basics of HIPAA along with the Privacy Rule and the Security Rule. It must be noted that the Security Rule only applies to ePHI, and it prescribes three types of safeguards: administrative, technical, and physical. Each of these safeguards is discussed in …

GDPR and Penetration Testing

GDPR has been regarded as the most stringent data protection regulation since it was passed in April 2016. Since it came into effect on May 25, 2018, organizations dealing with the data of EU residents have continued to face a dilemma as to what their responsibilities are under this regulation. Questions related to GDPR often revolve around …

HIPAA Compliance on AWS – Cheatsheet

The Health Insurance Portability and Accountability Act of 1996, commonly called HIPAA, deals with the privacy and security of medical data in the United States. In order to handle the protected health information (PHI) of an individual, a covered entity or its business associates (service providers) must fulfill the regulatory requirements of HIPAA and …