When does the GDPR apply to US based companies? There has been much buzz circulating about the upcoming General Data Protection Regulation (GDPR). Yet, many organizations are still trying to figure out how it will actually apply to their business. Particularly US based companies. The… Continue Reading
A common misunderstanding many organizations and IT professionals have is thinking that cardholder data is limited to the Primary Account Number (PAN) and the (Card Verification Value) CVV codes found on the card. However, this is not the case. Watch the short video below to… Continue Reading
Common issues we see with scoping PCI assessments As a QSA, I am commonly asked what is in scope for a PCI assessment. One would think this would be an easy question to answer. The obvious answer is that all systems that store, process or… Continue Reading
PCI DSS principles to mitigate the spread of ransomware The recent, and still highly impactful, discovery of a new malware variant named “WannaCry” is a hot topic in the news right now. This new malware combines ransomware with an exploit that has replication capabilities to… Continue Reading
The Top 5 Areas of Cyber Security Risk When it comes to effective cyber security risk management, knowing what can hurt your organization is key. In today’s world of complex threats, most organizations have made great efforts to protect customer data and business information. However,… Continue Reading
Implementing a Simplified Approach to HIPAA Compliance The standards and procedures established under HIPAA aim to protect patient health information for privacy and safety reasons. However, understanding what HIPAA Rules apply and accommodating those requirements may be difficult without implementing a simplified approach. To help,… Continue Reading
In a previous post, we addressed the critical elements to address in information security policies. Now, let’s consider an effective approach to creating well-defined policies. The creation of well-defined information security policies is not a “one size fits all” process. Not every company has the… Continue Reading
It only takes the click of a mouse or the push of a button to turn on a television, radio or computer to hear about the crazy weather we have in our country. From wildfires in California to tornados in the heartland to hurricanes in… Continue Reading
Have you given much thought as to what should be included in your company’s Information Security policies? Now, that question may have you worried. Everyone knows that to be compliant with a given standard (e.g. PCI or HIPAA) or to implement a comprehensive cyber security… Continue Reading
There is a great song by Chicago called “Does Anybody Really Know What Time It Is?” which I think of every time I’m sent to evaluate a client’s security posture. I often note that they don’t really know what is going on in their networks…. Continue Reading
Copyright © 2017 CompliancePoint, Inc. All Rights Reserved | Privacy Statements | 
Subscribe to RSS Feed
Follow us on YouTube
Follow Customer Engagement on Twitter
Follow us on LinkedIn
RSS Feed Signup