PCI Compliance without Cardholder Data
PCI Compliance Without Cardholder Data: A Strategic Guide
How Banking Regulations Mandate Penetration Testing
Banks and financial institutions are under constant threat from cybercriminals seeking to exploit vulnerabilities and access sensitive customer information. To address these risks, penetration testing has become a cornerstone of compliance with critical regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), and FDIC/FFIEC guidelines.
Challenges of PCI-Compliant Multi-Factor Authentication
In the era of ever-evolving cybersecurity threats, Multi-Factor Authentication (MFA) has emerged as a hallmark of robust user authentication. While the premise of MFA is straightforward, implementation nuances can introduce significant complexities, especially when aligning with Payment Card Industry (PCI) guidelines. The distinction PCI makes between multi-factor and multi-step authentication (MSA) presses developers into a challenging trilemma. This article explores this trilemma, the real-world MFA practices of major internet platforms, and the pitfalls in the PCI guidance.
TOSS C3 Interview: Cyber Security and Compliance for SMBs
I was recently interviewed by TOSS C3 as part of their Expert Interview Series. We discussed the importance of cyber security and PCI compliance for small businesses. I cover everything from changes and improvements to PCI over the years, to the impact a data breach can have on a business.
Forbes Interview: How Can Small Businesses Protect Themselves from a Cyber Attack
A while back I was contacted by Karsten Strauss, a journalist with Forbes.com. He was looking for information for an article he was working on. The topic was how small businesses can protect themselves from a cyber attack and data breach. He was hoping to get some insight on what a new business should do - first thing - to protect its data, its transactions, and its customers' info from cyber threats.