PCI DSS stands for Payment Card Industry Data Security Standard. This standard is set forth by the PCI Security Standards Council, an organization founded in 2006 by American Express, Discover, JCB International, Mastercard and Visa Inc. The PCI DSS sets security rules for any business that accepts their cards, with the goal of protecting customer credit and debit card data. Any business that accepts any non-cash payments needs to meet the PCI standards.

PCI compliance is a complicated matter. There are a number of different steps to meet and validate your achievement of the PCI DSS standard. In this guide, we’ll break down the steps in PCI compliance testing, the different types of PCI compliance tests, and how much it costs to complete this process.

Network segmentation is a practice that can dramatically lower the time, effort and cost of a PCI DSS assessment. Not only is it an industry best practice for security cardholder data, but it’s also an effective way of controlling the annual commitment of meeting your PCI compliance requirements. Here’s how network segmentation works, as well as some key best practices for using network segmentation to reduce the scope of your PCI assessment.

PCI compliance applies to businesses of all sizes: In fact, the PCI Council sets compliance standards according to how many card-based transactions a business handles each year. There are four merchant levels are Small businesses usually fall under level four. If you’re not sure what level your business falls into, your point-of-sale (POS) reports may be able to tell you.

To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws. Moreover, users have become increasingly aware and educated about their rights online, especially regarding what data businesses can collect about them.

Microsoft continues urging its customers to understand two core security vulnerabilities in the domain controllers of Active Directory. These vulnerabilities had been addressed by the company in November 2021. It was followed by a PoC or Proof of Concept tool on 12th December. The two vulnerabilities have been tracked as CVE-2021-42278 sAM (sAMAccountName spoofing ) and CVE-2021-42287 KDC.

Water Sector Cybersecurity Requirements Policymakers and regulators in Washington are bringing their attention now to water utilities’ cybersecurity. Last month, the White House announced it was expanding its public-private cybersecurity partnership to the water sector. Separately, in December of 2021, the Environmental Protection Agency (EPA) announced an evaluation of regulations related to the public water system’s cybersecurity, which will change in April.

In our second episode, we speak with Elastic’s Product Marketing Director James Spiteri, an experienced security practitioner turned product marketer with a passion for making security accessible and easy for anyone and everyone.

Recently the architecture model known as Secure Access Service Edge (SASE) has been gaining momentum. Not surprising, when the model provides benefits - including reduced complexity of management, improved network performance and resiliency, security policy implemented consistently across office and remote users and lower operational expense. In fact, according to a recent ESG survey, 70% of businesses are using or considering a SASE solution.

CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus.