Blog

13 Results / Page 1 of 2

today

  • 117
  • 200
close

Cybercrime PCI

Threat landscape for Industrial Control Systems (ICS)- Statistics for H1 2021

Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such ...

today

  • 96
  • 184
close

PCI DSS 3.2.1 PCI

Is an assessor required to visit work-from-home environments to determine if personnel are meeting PCI DSS requirements?

PCI SSC does not require QSAs or ISAs to visit personnel private residences for any purpose, including the review of work-from-home (WFH) environments to validate PCI DSS requirements. Entities should have policies and procedures implemented to provide assurance that applicable PCI DSS controls are in place for WFH personnel and ...

today

  • 90
  • 96
close

PCI DSS 3.2.1 PCI

For personnel working from home, is their environment considered a “sensitive area” for PCI DSS?

An individual’s private work-from-home (WFH) environment is not considered a “sensitive area,” and personnel working from home are not required to meet PCI DSS Requirements 9.1.1 or 9.3 for their WFH environments. “Personnel working from home” Refers to individuals that are employed by an entity to perform business duties from ...

today

  • 112
  • 105
close

PCI DSS 3.2.1 PCI

Is it easier to comply with PCI-DSS while using Cloud services ?

The distributed architectures of cloud environments add layers of technology and complexity that challenge traditional assessment methods. As a result, it may be particularly challenging to validate PCI DSS compliance in a distributed, dynamic infrastructure such as a public or multi-tenant environment. Examples of compliance challenges include but are not ...

today

  • 185
  • 118
close

PCI DSS 3.2.1 PCI

What system is in scope for PCI DSS?

The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data At a high level, scoping involves the identification ...

today

  • 171
  • 119
close

PCI DSS 3.2.1 PCI

Am-I Merchant or Service provider for PCI DSS?

A merchant is defined as any entity that accepts payment cards from the five brands (American Express, Discover, JCB, MasterCard, or Visa) The PCI Security Standards Council defines a service provider as a Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of ...

FR