Posts Tagged ‘pci dss’

Fallout from a PCI breach for merchants and consumers

There is a big misconception out there that PCI DSS compliance does not apply to us because we are a relatively small company.

The fact is that PCI DSS must be met by all organizations that transmit, process or store payment card data. Business owners also want to know what the ROI on PCI compliance is. It is [...]


PCI DSS Law and State of Nevada

45 states followed California when it introduced “SB1386”, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements.
As with the SB1386 law, California, Massachusetts & Texas are already looking at making PCI DSS law, and history tells us that when California moves, everyone else follows!
From [...]


Security controls and ISO 27002

A security breach usually occurs due to a lack of basic security controls, or a lack of effective controls where existing controls are no longer relevant over time. Security controls also disintegrate over time due to lack of maintenance and monitoring.
According to a Privacy Rights Clearinghouse survey, the top three breaches resulted from laptop theft, software or human error, and [...]


PCI compliance is essential and why you have to

In this economic downturn, organized cybercrime is a booming underground business. Most security experts and the FBI agree that cybercrimes are on the rise and pose the biggest threat to vital US infrastructure. Cybercriminals are thieves in cyberspace who will swipe sensitive data and sell it to other criminals in [...]


PCI DSS Misconceptions and Facts

M1 – We are a relatively small company, so we don’t have to worry about PCI compliance
F1 – The PCI DSS must be met by all organizations that transmit, process or store payment card data
M2 – PCI DSS is either a regulation or a standard
F2 – It’s neither a standard nor a regulation. It is [...]


PCI DSS significance and contractual agreement

The PCI DSS (Payment Card Industry Data Security Standard) was established by credit card companies to create a unified security standard for handling credit card information. The retail service industry now understands the strategic significance of PCI DSS compliance, which was demonstrated when TJX announced that their system was compromised for more than 17 [...]
