Reducing Merchant Scope to Ease the Compliance Burden

July 13, 2021

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…

Read

The Backup Paradigm Shift: Moving Toward Attack Response Systems

June 15, 2021

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…

Read

Strength Training With Transport Cryptology: Part 2

March 30, 2021

In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you….

Read

Strength Training With Transport Cryptology: Part 1

March 30, 2021

I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new…

Read

Yes, It’s Time for a Security Gap Assessment

March 23, 2021

For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…

Read

TrustedSec Approved as a CMMC Registered Provider Organization!

February 25, 2021

TrustedSec has been approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (https://www.cmmcab.org/) as a Registered Provider Organization. In line with our mission of increasing the security posture of organizations around the world, TrustedSec is pleased to be a part of the program aimed at improving and ensuring the security maturity of the Defense…

Read

CMMC Small Business Funding Roundup

February 23, 2021

TrustedSec works with clients of all sizes on Cybersecurity Maturity Model Certification (CMMC) readiness engagements, but recently we’ve received a few questions on how smaller organizations can help to offset some of the costs related to CMMC compliance. There are three (3) typical paths for small organizations to obtain financial assistance regarding CMMC activities. We…

Read

How I Retained My QSA Certification

January 21, 2021

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

Read

Nine Things to Know About the CMMC

November 10, 2020

The Cybersecurity Maturity Model Certification (CMMC) (https://www.acq.osd.mil/cmmc/) is a program being developed to help ensure that specific types of unclassified data that exist outside of government systems remain adequately protected. Specifically, the CMMC applies to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-government systems. Eventually, this certification program will replace the process…

Read

Fear, Cybersecurity, and Right to Repair

November 5, 2020

Massachusetts is the latest state to grapple with Right to Repair legislation. A ballot question in the 2020 election asked the state’s voters to decide whether or not automobile manufacturers must make the telematics data collected by cars’ on-board computers available to independent repair shops. What seems like a debate over who can access the…

Read
  • Browse by Category

  • Clear Form