What Does a PCI DSS Audit Look Like?


PCI compliance is a hot topic these days. While payment processing once seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts has blurred the lines between processors, merchants, and secure, compliant systems.

Many organizations seek their PCI compliance certification to cover their bases with payment processing and data storage. As these enterprises collect card data, payment information, and other data types, this compliance helps them maintain good standing with the credit card companies and their customers. 

Learn the basics of PCI compliance and auditing in this article. 

 


What Are SOC 3 Reports?


The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments. 

Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the market, many organizations opt to get a SOC 3 report. 

 


Zero Trust and the New National Strategy for Cybersecurity


January 26, 2022 – The White House is expected to release a new strategy related to cybersecurity to address modern threats and vulnerabilities. Stemming from Executive Order 14028 on Improving National Cybersecurity, this strategy is expected to implement new standards and requirements for federal agencies built around the concept of zero-trust security.

What is zero trust, and how does it shape cyber defense? It will be the new paradigm around which IT, cloud systems, and information governance will revolve for government agencies. 

 
