Vendor Management in the Spotlight
What’s with the scrutiny? Anyone who has undergone any sort of audit knows that your Vendor Management process is going to come up. Why do these pesky auditors keep asking these questions? What does it matter what sort of monitoring we perform? Why do we need a formal process to review contracts for specific clauses? …
Author: Sean
New PCI MFA Guidance
On February 9, 2017, the PCI SSC released a new Information Supplement, Multi-Factor Authentication, with the intent to aid Organizations in meeting Requirement 8.3. One interesting quote in the document’s Overview: While PCI DSS Requirement 8.3 does not currently require organizations to validate their MFA implementation to all the principles described in this guidance document, these principles may …
PCI Scoping Guidance
Back on Friday, December 9, 2016, the Payment Card Industry Security Standards Council (PCI SSC) released a new Information Supplement, Guidance for PCI DSS Scoping and Network Segmentation. The purpose of this Supplement was to provide some clarification on how an Organization can implement network segmentation controls to minimize the scope of systems covered by …
Updated PCI Card Production Standards
The PCI SSC has released version 2.0 of both the Card Production Logical Security Requirements and the Card Production Physical Security Requirements. Both documents are now available on the Document Library. Why should many of you be interested in taking a closer look at both documents? The documents start with a scoping definition: Logical: “All systems …
New Cashout Malware Dubbed Alice
Last week Trend Micro wrote about a new ATM malware variant, Alice. This discovery was unique, as this malware was found to have very specific goals, and very little interaction. This malware had been designed to allow a thief to view the bill count and denomination in the ATM, and specifically target those bills until the …