Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
Improve your Cyber security maturity
Client Identities
Legal or contractual obligations, regulations PCI DSS, HIPAA, GDPR, ISO 27001, SOC2, CMMC
read moreCompanies are focused on their accelerated digital transformation, with evolving technology comes evolving hackers.
They are behind in their cyber security maturity and consider it as a budget adjustment variable.
Experts in cybersecurity and digital strategy, we support companies in their development and guide them in the transformation towards the new normal.
During the last twenty years, we’ve been wearing multiple hats and played in red/blue teams, we decided to protect in 360° our partners, by reviewing their :
check Security Strategy
check Compliance
check Security Response and Recovery
Proudly member of the Canadian cluster of the cybersecurity industry
In-Sec-M is a cybersecurity center, recognized by the Government of Canada.
The mission is to mobilize the various key players in the ecosystem to support the innovation, growth and outreach capabilities of Canada’s cybersecurity industry, nationally and internationally.
Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
PCI SSC does not require QSAs or ISAs to visit personnel private residences for any purpose, including the review of work-from-home (WFH) environments to validate PCI DSS requirements. Entities should have policies and procedures implemented to provide assurance that applicable PCI DSS controls are in place for WFH personnel and [...]
High confidence is placed in the statement “I am PCI DSS compliant,” but what does this actually mean for the different parties involved? Use of a PCI DSS compliant Provider does not automatically result in PCI DSS compliance for the Customers. The Customer should confirm that the Provider is PCI [...]
An individual’s private work-from-home (WFH) environment is not considered a “sensitive area,” and personnel working from home are not required to meet PCI DSS Requirements 9.1.1 or 9.3 for their WFH environments. “Personnel working from home” Refers to individuals that are employed by an entity to perform business duties from [...]
The distributed architectures of cloud environments add layers of technology and complexity that challenge traditional assessment methods. As a result, it may be particularly challenging to validate PCI DSS compliance in a distributed, dynamic infrastructure such as a public or multi-tenant environment. Examples of compliance challenges include but are not [...]
While use of PTS-approved payment devices can facilitate PCI DSS compliance, such devices do not by themselves guarantee PCI DSS compliance or reduce the scope of a merchant’s cardholder data environment. The boundaries of the cardholder data environment are not affected by the presence or absence of a PTS-approved terminal, [...]
Merchants should always contact their acquirer (merchant bank), or payment brand directly to understand their compliance validation obligations, including which SAQ they may be eligible to use. Contact details for the payment brands can be found at the end of this post. For multiple payment channels, it may be possible [...]
The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data At a high level, scoping involves the identification [...]
Changes in the real world often occur rapidly, and rarely give advanced notice of their arrival. Organizations are forced to react to these events quickly, and to make decisions regarding their security stance accordingly. The wisest decisions are informed decisions. While no one can accurately predict the threats they may [...]
You Are in Good Hands
