If your organisation is compliant with PCI DSS, chances are you’re conducting penetration tests on an annual basis. This “ticks the box” from a PCI perspective, and your QSA will have no problems marking you as compliant – but is a box-ticking penetration test really enough?
We live our lives hoping that we will never need to make claims on our insurance policies. Whether that is home, motor, life or phone, making a claim generally means something isn't how it should be. Ultimately, a policy is there to protect something of value to us, and as the world in which we live changes, the information you have and the systems you run your businesses on are valuable assets too - so is now the time to think about cyber insurance?
Outsourcing PCI DSS controls to third parties can hugely support a merchant's (or service provider's) PCI DSS compliance program and can be a great thing if you want to leverage any SAQ reduction criteria, meaning you have fewer controls to complete yourself and so lower costs and less complexity, which is always a good thing. BUT you must have a handle on service providers if you want to take this route.
We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level.
The 2018 RSA Conference took place in San Francisco last week and Nettitude's Senior Consultant, Ben Rothke, traveled there to deliver a presentation on ransomware. He discussed both how not to become a victim, and what enterprises should do if they do become one. Here is a recap of what Ben discussed.
The blockchain, although developed for and most commonly known as a financial instrument within cryptocurrencies, is gaining an increasing foothold as a useful technology in many industries. It is being applied in many applications and held up as a solution to some interesting problem areas.
There’s a critical date approaching in the PCI DSS calendar. Some of you may be wondering “what date could possibly be that important?”