Payment Card Industry Data Security Standard (PCI DSS): Why is Compliance Critical?
The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major payment brands (MasterCard, Visa, Amex, JCB and Discover) for organisations that handle payment card data. It defines the minimum set of security controls needed to protect cardholder data. If you store, process or transmit payment card data, whether as a merchant accepting debit or credit cards or as a service provider handling card data on behalf of others, you are required to comply with the standard.
Compliance with PCI DSS enables your organisation to meet its contractual obligations whilst protecting payment card data and reducing risks relating to fines and reputational damage.
Achieving PCI DSS compliance can be a challenging, confusing and, for some, expensive experience. Privasec can guide you through the process of understanding what to do and give you pragmatic choices about how to minimise compliance costs. Our PCI DSS Health Check is a high-level assessment led by a registered PCI Qualified Security Assessor (QSA).
Call us now to learn how we can help
AU: 1800 996 001, NZ: +64 9 222 4725, SG: +65 6631 8375.
Vulnerability Scanning vs Penetration Testing
Even some of the most accomplished IT professionals are not sure about the difference between a vulnerability scan and a penetration test. Here are three basic differences between the two:
1. A vulnerability scan is an automated check that detects and classifies known weaknesses in computers, networks and communications equipment, typically by matching service versions, configurations and missing patches against a database of known issues. A penetration test, on the other hand, is a hands-on exercise against a computer system, network or web application to identify insecure business processes, poor security settings or other weaknesses that an attacker could exploit, and to show how far an attacker could get.
2. A vulnerability scan informs stakeholders that weaknesses exist; a penetration test demonstrates how those weaknesses could be exploited, and chained together, to cause harm to the organisation. Scan results are unverified until someone confirms them, so a scan typically includes false positives (for example, a version banner that does not reflect a backported patch) and misses anything no signature covers, such as business-logic flaws.
3. A vulnerability scan can be performed by an organisation's own IT department using tools such as OpenVAS and Nessus. A wide range of tools is also available during a penetration test, but it is the skill of an experienced pen-tester that is needed to identify the ways in which vulnerabilities can actually be exploited.
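To make the first two differences concrete, here is an added example (not code from the original article, and not Privasec's or any scanner vendor's own tooling) that reads a scan export in the .nessus v2 XML format produced by Nessus and turns it into the two things a scan gives you: a count of weaknesses per severity, and an ordered queue of findings that still need a human to confirm. The XML is constructed sample data with fake hosts and placeholder plugin IDs in the 900000 range; only the element and attribute names follow the real export format, and the severity and CVSS values are illustrative.

```python
"""Triage a Nessus-format (.nessus v2) vulnerability scan export.

Added example; the XML below is constructed (fake hosts, placeholder plugin
IDs), only the element and attribute names follow the real export format.
"""
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

# Nessus severity attribute values and their usual labels.
SEVERITY_LABELS = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export. Not a real scan result.
SAMPLE_NESSUS = """\
<NessusClientData_v2>
<Report name="constructed-example">
<ReportHost name="10.0.0.5">
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="900001" pluginName="SSH Protocol Versions Supported">
</ReportItem>
<ReportItem port="443" svc_name="www" protocol="tcp" severity="3" pluginID="900002" pluginName="OpenSSL Heartbeat Information Disclosure (Heartbleed)">
<cvss_base_score>5.0</cvss_base_score>
<exploit_available>true</exploit_available>
<cve>CVE-2014-0160</cve>
</ReportItem>
<ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="900003" pluginName="SSL Certificate Cannot Be Trusted">
<cvss_base_score>6.4</cvss_base_score>
<exploit_available>false</exploit_available>
</ReportItem>
</ReportHost>
<ReportHost name="10.0.0.8">
<ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="900004" pluginName="Web Server Unsupported Version Detection">
<cvss_base_score>7.5</cvss_base_score>
<exploit_available>false</exploit_available>
<plugin_output>Banner reports an end-of-life server version</plugin_output>
</ReportItem>
<ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="1" pluginID="900005" pluginName="Terminal Services Encryption Level is Medium or Low">
<cvss_base_score>4.3</cvss_base_score>
<exploit_available>false</exploit_available>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


@dataclass
class Finding:
    host: str
    port: int
    protocol: str
    service: str
    plugin_id: str
    name: str
    severity: int           # 0 (info) .. 4 (critical)
    cvss: float             # 0.0 when the plugin reports no base score
    exploit_available: bool
    cves: tuple


def parse_nessus(xml_text: str) -> list:
    """Flatten every ReportItem of every ReportHost into a Finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            cvss_text = item.findtext("cvss_base_score")
            findings.append(Finding(
                host=host.get("name"),
                port=int(item.get("port")),
                protocol=item.get("protocol"),
                service=item.get("svc_name"),
                plugin_id=item.get("pluginID"),
                name=item.get("pluginName"),
                severity=int(item.get("severity")),
                cvss=float(cvss_text) if cvss_text else 0.0,
                exploit_available=item.findtext("exploit_available") == "true",
                cves=tuple(c.text for c in item.findall("cve")),
            ))
    return findings


def summarise(findings) -> Counter:
    """Count findings per severity label: the classification a scan gives you."""
    return Counter(SEVERITY_LABELS[f.severity] for f in findings)


def validation_queue(findings, min_severity: int = 2) -> list:
    """Order findings a tester should confirm by hand, highest risk first.

    Findings with a public exploit go to the top, then by severity and CVSS.
    Everything here is only a hypothesis until validated: a banner-based
    version match, for example, cannot see backported patches.
    """
    queue = [f for f in findings if f.severity >= min_severity]
    queue.sort(key=lambda f: (f.exploit_available, f.severity, f.cvss), reverse=True)
    return queue


if __name__ == "__main__":
    found = parse_nessus(SAMPLE_NESSUS)
    print("Findings by severity:", dict(summarise(found)))
    for f in validation_queue(found):
        flag = "exploit available" if f.exploit_available else "unverified"
        print(f"{f.host}:{f.port}/{f.protocol} [{SEVERITY_LABELS[f.severity]}] "
              f"{f.name} (CVSS {f.cvss}, {flag})")
```

Run the file to print the summary and the queue. Note what the script cannot do: it ranks the findings, but nothing in it confirms that the end-of-life web server on 10.0.0.8 is actually exploitable, or that the Heartbleed finding is not a false positive from an unusual banner. That confirmation, and the chaining of findings across hosts into an actual compromise, is the pentester's job.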
Privasec's COO to speak at Australian Utility Week
Privasec's COO, Karan Khosla, has been invited to participate in a panel discussion at Australian Utility Week, the leading digital utility expo in the Australasian region. The discussion will address emerging cloud business models for the utility sector and the issues involved in ensuring tactical agility for cybersecurity, product evolution and effective partner integration. Privasec's Senior Security Consultant James Cristofaro will cover the security implications of managing "Behind the Meter" devices in a hostile operating environment.
Come and say hello if you are attending the conference. Check out the event details here:
The Weakest Link
According to the OAIC (Office of the Australian Information Commissioner) report, 36% of the data breaches notified in Australia were caused by human error, the phenomenon jokingly known as PEBKAC (Problem Exists Between Keyboard And Chair). Employees are therefore both our greatest asset and our weakest link, because they can fall victim to cyber-attacks in many forms. They are also our first line of defence, so continuous education, training and awareness are needed to keep them vigilant against cyber-attacks.
According to an article by Smart Company (one of Australia's premier publications for growth businesses and entrepreneurs), 516,380 small businesses fell victim to cyber-crime last year. The first step in falling for a cyber-attack is believing that you won't be attacked. Prevention starts with educating your employees about the most common types of cyber-attack, such as spear phishing, and how they can be countered.
Spear phishing differs from ordinary phishing in that it targets a specific person or organisation rather than a mass audience. The messages are tailored to the victim, often using details gathered from social media, company websites and earlier email exchanges, which makes them far more convincing. The first steps to prevent spear phishing are to minimise the exchange of confidential information via email, to avoid posting too much personal information online, and to verify any unexpected request for credentials, payments or sensitive data through a second channel, such as a phone call to a known number, before acting on it.
Give us a call at 1800 996 001 and talk to our highly experienced security consultants to discuss your company’s cybersecurity priorities and discover how we can help.