PCI DSS ASV scanning explained for dummies

Organizations across the globe are increasingly adopting PCI DSS to demonstrate that they securely store payment card data. The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements laid down by the PCI SSC (PCI Security Standards Council). Over the years, PCI DSS has become a reasonably expected compliance … Continued

How to choose a PCI DSS penetration testing partner?

Cyber attacks are getting increasingly sophisticated and complex. An organization cannot sit back and wait for a security incident to occur before taking any action. Modern-day organizations need to adopt proactive as well as reactive measures to minimize cybersecurity risks comprehensively. Penetration testing is one such proactive measure that helps an organization in identifying vulnerabilities … Continued

PCI DSS compliance for your Azure hosted SaaS

Cloud computing has brought in a paradigm shift and transformed how organizations across the globe offer their services. Instead of setting up physical infrastructure, most organizations prefer moving to a cloud environment for on-demand access to resources. Cost-effectiveness and minimal management requirements further push SaaS providers to rely on cloud infrastructure, as compared to physical … Continued

Penetration Testing and Vulnerability Scanning Requirements for PCI DSS

Penetration testing and vulnerability scanning exercises have become standard practices for modern-day enterprises. In our latest series of blog posts, we are discussing how these exercises meet the compliance requirements of various standards, laws, and regulations. We discussed penetration testing and vulnerability scanning controls in ISO 27001:2013 here. In this article, we will be focusing … Continued

PCI DSS Compliance for SaaS Companies – An Overview

An increasing number of Software-as-a-Service (SaaS) providers are now involved in the transmission and storage of cardholder data. They may not actually be processing the data, but the mere notion of storage and transmission brings such SaaS providers under the scope of PCI DSS compliance. In this article, we explore what PCI DSS compliance means for … Continued

Difference between SOC 1 and SOC 2

We have often seen that our clients confuse SOC 1 and SOC 2 audits. Though both these frameworks deal with the controls implemented within your organization, their focus areas are different. SOC 1 primarily focuses on how an organization is dealing with financial data. On the other hand, SOC 2 checks how an … Continued

Cyber Essentials Certification – All you need to know

Cyber Essentials certification has been prescribed by the National Cyber Security Centre (NCSC), a UK government organization that advises and supports the public as well as the private sector in maintaining a reasonable level of cybersecurity. As per the Cyber Essentials website, it helps in protecting organizations, irrespective of size, against a whole range of the … Continued

Penetration Testing and Vulnerability Scanning for PCI DSS

Irrespective of the industry, penetration testing and vulnerability scanning exercises help businesses a great deal when it comes to the security of their technical infrastructure. For businesses processing sensitive data such as credit card data, such practices have more relevance than ever. The foundation for this article was laid by one of our previous articles where … Continued