In 2018, the PCI SCC introduced the new Associate Qualified Security Assessor (QSA) Program in order to attract new information security talent to the QSA Program, help meet the demand for QSAs, and ensure the sustainability of the QSA Program. With the shortage of information security talent, QSA companies have found it challenging to find …
The Associate Qualified Security Assessor Program Read More »
We are proud to announce our increased focus on the Health Insurance Portability and Accountability Act (HIPAA), the federal law that protects patient health information. By providing in-depth HIPAA training and subsequent Certified HIPAA Privacy Security Expert (CHPSE) certification to our key staff who play a key role in HIPAA compliance, we are well-equipped to …
With the start of a new year, it may be a good time for businesses to review their cybersecurity posture and realign their policies with industry best practices. The following ten cybersecurity tips were recently published during National Cybersecurity Awareness Month as a resource for small businesses. However, these guidelines could very well apply to …
January 2019, the PCI SSC published the PCI Software Security Framework v1.0 (PCI SSF). Program related materials (Program Guide, Reporting templates, et. al.) and the like are expected to be published mid-2019. But today, the PCI SSF standards are published and available on the PCI SSC website. The PCI SSF is composed of two standards: …
PCI Council Publishes New Software Security Standards Read More »
A look at recent breaches reveals the continued need for securing information. The Identity Theft Resource Center continues to collect an increasing amount of breach data (https://idtheftcenter.org/2018-data-breaches/ ), proving that criminals are still working hard at committing cybercrimes. Business data breaches no longer dominate news headlines, perhaps indicating a sense of complacency or business-as-usual view …
Replacing a guidance document published in 2014, the PCI Council recently published Information Supplement: Best Practices for Maintaining PCI DSS Compliance. This new supplemental document outlines guidance and instruction for handling challenges associated with preserving PCI DSS compliance after the PCI DSS assessment has completed. Challenges in maintaining compliance occur for a variety of reasons. An …
Best Practices for Maintaining PCI DSS Compliance Read More »
In response to questions we’ve received regarding the PCI Software Security Framework (PCI SSF), we’ve compiled the following answers to clarify the PCI Council’s newest standards. Does the PCI SSF apply to me? The PCI SSF is currently composed of two standards: 1. Secure Software Standard (SSS) 2. Secure Software Lifecycle Standard (SSLC) The SSS …
Conversion from magnetic-stripe payment cards to EMV (Europay, Mastercard, and Visa) chip cards boomed when EMV conversion first launched, and recent data from Visa Inc shows that conversion efforts continue to grow. EMV conversion was first introduced in 2015 when the major card networks established a liability shift from issuers to merchants. Beginning in October …
We are proud to have earned the PCI Qualified PIN Assessor (PCI QPA) certification which allows us to perform assessments using the PCI PIN Security Standard. With our PCI QPA certification, we have demonstrated that we are equipped with the latest knowledge and tools to assist payment stakeholders to comply with Version 3.0 of the …
Dara Security is a PCI Qualified Assessor Company Read More »
In our commitment to providing quality PCI Data Security Standard (PCI DSS) assessments, we support the recently raised best practice of Qualified Security Assessor (QSA) Rotation. Discussions within the assessor community have focused on driving quality in PCI DSS assessments, and the idea of rotating the QSA emerged as a best practice. The PCI Standards …
