Mar 3, 2020 | Compliance, Information Security, NIST 800-53, Payment Card Industry, Risk Management
With acronyms inside of acronyms and hundreds of pages of documentation, choosing a framework for a security controls assessment seems like a daunting task. NuHarbor Security has years of experience working with different controls frameworks, and we have laid out the...
Jun 3, 2019 | Compliance, Cybersecurity, HIPAA, Information Security, ISO27001, NIST 800-53, Payment Card Industry
By: Justin Fimlaid
The Ohio Data Protection Act was passed in August of 2018 and went into effect as of November 2018. What’s unique about this data protection law is that it’s unlike the privacy legislation recently passed in California and...
Mar 18, 2019 | Payment Card Industry
By: Justin Fimlaid
You’ve probably heard the rumors. The PCI Council is prepping to release the PCI Data Security Standard 4.0. To date the actual proposed changes have been kept private to the PCI-SSC stakeholders (so limited viewing). The PCI-SSC stakeholders...
Dec 24, 2018 | Compliance, Information Security, Payment Card Industry
By: Jeff Bamberger
Now that you have decided to create/configure your business to accept credit cards as one form of payment for the goods or services you offer to your customers, you may be curious what impact that decision will have on your business operations. ...
Oct 3, 2017 | Information Security, Payment Card Industry
Some statements I have heard over the years regarding PCI compliance include, but certainly are not limited to: It takes time away from my “every day” responsibilities. It restricts my ability to conduct business the way I want. It’s a hindrance to facilitate the...
Sep 16, 2014 | Compliance, Information Security, Payment Card Industry
If you’ve had to manage a PCI-DSS compliance framework, you know that having to manage the security awareness training requirements takes someone who is diligent and dedicated to the effort to be successful. In fact, if you’ve done it before you know the...
Aug 20, 2014 | Compliance, eCommerce Fraud Prevention, Payment Card Industry
The Tokenization, PCI and Fraud Prevention Puzzle
Tokenization and Fraud Prevention are complementary security tactics in any eCommerce environment. Tokenized payment architecture is a necessity to minimize PCI scope, while fraud prevention is a central building block...
Aug 20, 2014 | Audit, Compliance, Information Security, Payment Card Industry
The much-anticipated PCI-DSS 3.0 is out, and the new Self Assessment Questionnaires (SAQs) have been released. We’ve had a lot of questions over the last month about what the new changes actually mean to merchants. One notable introduction is the SAQ-A EP for...
Aug 20, 2014 | Audit, Compliance, Information Security, Payment Card Industry, Risk Management
The much-anticipated PCI-DSS 3.0 is out, and the new Self Assessment Questionnaires (SAQs) have been released. We’ve had a lot of questions over the last month about what the new changes actually mean to merchants. One notable introduction is the SAQ-A EP for...