Dara Security

Recent Articles

Best Practices for Maintaining PCI DSS Compliance

Replacing a guidance document published in 2014, the PCI Council recently published Information Supplement: Best Practices for Maintaining PCI DSS Compliance. This new supplemental document outlines guidance and instruction for handling challenges associated with preserving PCI DSS compliance after the PCI DSS assessment has completed.

Challenges in maintaining compliance occur for a variety of reasons. An organization may make changes due to customer requirements, shifting business goals, or a change in technology infrastructure. An organization may assume that continuing to do...


The Essentials to Data Security

A look at recent breaches reveals the continued need for securing information. The Identity Theft Resource Center continues to collect an increasing amount of breach data (https://idtheftcenter.org/2018-data-breaches/), proving that criminals are still working hard at committing cybercrimes. Business data breaches no longer dominate news headlines, perhaps indicating a sense of complacency or business-as-usual view regarding data security. But businesses must remain vigilant in protecting the data that has been entrusted to them.

The PCI Council...


PCI Council Publishes New Software Security Standards

In January 2019, the PCI SSC published the PCI Software Security Framework v1.0 (PCI SSF). Program-related materials (Program Guide, reporting templates, et al.) are expected to be published mid-2019. But today, the PCI SSF standards are published and available on the PCI SSC website. The PCI SSF is composed of two standards:

· The Secure Software Standard v1.0

· The Secure Software Lifecycle Standard v1.0

The Secure Software Standard...


Ten Cybersecurity Tips for Businesses

With the start of a new year, it may be a good time for businesses to review their cybersecurity posture and realign their policies with industry best practices. The following ten cybersecurity tips were recently published during National Cybersecurity Awareness Month as a resource for small businesses. However, these guidelines could very well apply to a business of any size.

1. Employee training

Establish basic information security practices with employees, from requiring strong passwords and appropriate internet...


HIPAA Expertise with CHPSE Certification

We are proud to announce our increased focus on the Health Insurance Portability and Accountability Act (HIPAA), the federal law that protects patient health information. By providing in-depth HIPAA training and subsequent Certified HIPAA Privacy Security Expert (CHPSE) certification to our staff who play a key role in HIPAA compliance, we are well-equipped to address the intricacies and ever-changing HIPAA requirements for our clients.

The CHPSE is the gold standard for HIPAA credentials and is the highest-level certification for core HIPAA compliance team members. ...
