Auditing is a two-way process

I know the idea of being audited is not a fun one. I always joke with clients that they should not feel too bad as we, as auditors, get audited ourselves (on workpapers, reports, etc.). When it comes to the auditing process, however,...
PCI DSS is an Ongoing Process

PCI is an ongoing process. In my experience, the biggest reason companies fail their PCI compliance after passing the previous year is not staying on top of the ongoing processes required to maintain PCI compliance. 95% of...
Should you have a QSA attest your PCI-SSC SAQ or not?

To 3C or not to 3C? That is the business question. Should you have a QSA attest your PCI-SSC SAQ or not? That is a business decision. Lately, we at Silent Storm Security have seen an influx of companies requesting a QSA signature on their PCI-SSC SAQ (Payment...
Silent Storm Security Interview with CEO/CFO Magazine

Silent Storm Security is focused on Simplifying and Taking the Stress out of Cyber Security, HIPAA and PCI-DSS Audits. We love what we do, and we get a lot of enjoyment out of seeing the relief that we can provide our clients from the stress of getting audited. We go...
Vendors

Every mid-sized or large company eventually must purchase a cybersecurity product, which means every company must reach out to a cybersecurity vendor. Vendors can help an organization achieve security goals and maintain compliance. Vendors can also provide...
Side Channel Attacks

News this year surrounding the Meltdown and Spectre CPU vulnerabilities has sparked a wider discussion on side channel attacks. These threats are difficult to mitigate and hard to detect, which makes them especially attractive to criminals. They are also likely...