Compliance Abuse: When Compliance Frameworks are Misapplied

Introduction: Here at TrustedSec, we help our clients achieve and maintain compliance with a variety of Information Security and privacy frameworks. We often receive requests for compliance assistance with frameworks that don’t make sense when considering the type of organization making the request. We always seek to understand our clients’ needs before proposing an engagement,…

The post Compliance Abuse: When Compliance Frameworks are Misapplied appeared first on TrustedSec.

Data Retention Practices – A Brief Overview

Data retention practices can vary between companies based on compliance requirements, location, and types of data. Best practice dictates that an organization should retain data only for as long as it is useful, or as needed to satisfy legal or regulatory requirements. Defining what is needed for an organization will ensure compliance with relevant legal statutes and…

The Crucial Role of Data Center Resiliency in Business Security

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when…

Reducing Merchant Scope to Ease the Compliance Burden

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…

Strength Training With Transport Cryptology: Part 2

In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you….

Strength Training With Transport Cryptology: Part 1

I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new…

Yes, It’s Time for a Security Gap Assessment

For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…

How I Retained My QSA Certification

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

20 Tips for Certification Success

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the Systems Security Certified Practitioner (SSCP) offered by…
