LRQA Nettitude Blog

A red teaming approach to PCI-DSS

Posted by Stuart Wright on May 15, 2018

If your organisation is compliant with PCI DSS, chances are you’re conducting penetration tests on an annual basis. This “ticks the box” from a PCI perspective, and your QSA will have no problems marking you as compliant – but is a box-ticking penetration test really enough?

7 Considerations of Cyber Insurance Coverage

Posted by Peter O'Sullivan on May 4, 2018

We live our lives hoping that we will never need to make claims on our insurance policies. Whether that is home, motor, life or phone, making a claim generally means something isn't how it should be. Ultimately, a policy is there to protect something of value to us, and as the world in which we live changes, the information you have and the systems you run your businesses on are valuable assets too - so is now the time to think about cyber insurance?

5 Pitfalls around PCI DSS Service Providers

Posted by Peter O'Sullivan on May 2, 2018

Outsourcing PCI DSS controls to third parties can hugely support a merchant (or service provider) PCI DSS compliance program and can be a great thing if you want to leverage any SAQ reduction criteria, meaning you have fewer controls to complete yourself, so less cost and less complexity; always a good thing, BUT you must have a handle on service providers if you want to take this route.

Ransomware - What to do if your device is infected

Posted by Amy Tuck on Apr 26, 2018

We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level. 

Future proofing the development of cryptocurrency

Posted by Nettitude on Apr 19, 2018

The blockchain, although developed for and most commonly known as a financial instrument within cryptocurrencies, is gaining an increasing foothold as a useful technology in many industries. It is being applied to many applications and held up to solve some interesting problem areas.

Women In Cybersecurity

Posted by Amy Tuck on Mar 8, 2018

Research in 2017 concluded that of all the people working in the cyber security industry, only around 11% were women. The world of cyber security is ever-evolving and competitive, and it can be difficult for women to get into technical roles. As it's International Women's Day, we thought we'd give you an insight into what it's like to work in the cyber security industry from Nettitude's very own Judi Mackie and Roxana Kovaci.

7 Risk Assessments for PCI DSS

Posted by Peter O'Sullivan on Feb 8, 2018

Risk Assessment is a core feature of most modern security considerations, including the PCI DSS. Featuring as Requirement 12.2, it splits into two parts:

  1. There is a documented process resulting in a formal, documented analysis of risk.
  2. The process is performed at least annually (or upon significant change).

Unlike other areas of the PCI DSS which are very prescriptive, this requirement on first reading doesn't really show much relationship to the rest of the PCI DSS, but don't be fooled.

How do you know if your SIEM/SOC is effective?

Posted by Rowland Johnson on Nov 15, 2017

Many organizations have gone out and bought SIEM appliances which are either in-house or outsourced to an external security operations center. We have highlighted the top five areas for organizations to review when they deploy SIEM technology or utilize a security operations center function. This guide is designed to help improve SIEM coverage, and provide confidence to the organization that they are getting the most from their security operations center providers.

SOC maturity - Setting standards for your SOC

Posted by Rowland Johnson on Nov 9, 2017

Every organization that either builds a security operations center or subscribes to the services of a managed security services provider (MSSP) hopes that the SOC is able to prevent, detect and respond to cyber related attacks. However, there is a huge amount of variability in SOC services, and it is very common for organizations to build or leverage SOC services that are mismatched to the threats that they face.

5 things that every CISO should do to mitigate a data breach

Posted by Rowland Johnson on Nov 9, 2017

A cyber breach is probably one of the most disturbing events that a CISO could encounter. Nettitude has worked with many organizations that have experienced cyber incidents, and provides consulting guidance to organizations to mitigate the threat from cybercrime. Here are our top five things that successful CISOs do to mitigate against the risk of a cyber breach.

About LRQA Nettitude

Through our connected portfolio of advanced cybersecurity solutions, LRQA Nettitude helps companies to identify and manage the vulnerabilities and threats that pose a risk to their business, building cybersecurity resilience and underpinning your business strategy with proactive measures.
