Security vs Convenience

Security vs. Convenience: The more secure you are, the less convenient things will be, and vice versa. One thing we like to ask clients is “on a scale of 1-10, how secure do you want to be?” We follow up by saying that 1 is wide open and 10 is...
Enigma

What was Enigma? The Allies' victory over the Axis powers in World War II is often remembered in terms of famous battles and tremendous acts of valor. But the strategic victories that liberated Europe and defeated the Empire of Japan were never guaranteed. Success in...
PCI Gap Assessments

PCI Gap Assessments are a vital resource that allows businesses to assess whether their procedures are aligned with the best industry cybersecurity practices and regulatory requirements such as the Payment Card Industry Data Security Standard (PCI-DSS). A PCI Gap...
Auditing is a two-way process

I know the idea of being audited is not a fun one. I always joke with clients that they should not feel too bad as we, as auditors, get audited ourselves (on workpapers, reports, etc.). When it comes to the auditing process, however,...
PCI DSS is an Ongoing Process

PCI is an ongoing process. In my experience, the biggest reason companies fail their PCI compliance after passing the previous year is not staying on top of the ongoing processes required to maintain PCI compliance. 95% of...
Should you have a QSA attest your PCI-SSC SAQ or not?

To 3C or not to 3C? That is the business question. Should you have a QSA attest your PCI-SSC SAQ or not? That is a business decision. Lately, we at Silent Storm Security have seen an influx of companies requesting a QSA signature on their PCI-SSC SAQ (Payment...