Podcasts about pci dss

In this webinar, Matt Halbleib (Director of Assessments) and Lee Pierce (Director of HITRUST Sales) will discuss:How to determine which HITRUST Assessment type to chooseHow to prepare for a HITRUST Validation AssessmentWhat to expect from a SecurityMetrics HITRUST AssessmentReady to discuss your HITRUST needs? Request a quote here.Read our new HITRUST 101 White Paper here.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

ST. PETERSBURG, FL - April 2025 - As the cloud communications sector embraces artificial intelligence (AI), BroadSource is stepping forward with a practical message for resellers: You can profit from AI — if you first help your customers solve data privacy challenges. Speaking with Technology Reseller News at the Cloud Communications Alliance's Cloud Connections 2025 event, Bill Placke, President of Americas for BroadSource, outlined how the company's SecureCall platform helps overcome a critical barrier to AI adoption. “Legal and compliance concerns around collecting personal data are slowing AI deployment,” said Placke. “Our SecureCall solution removes sensitive personal information like credit card or Social Security numbers at the time of collection — enabling safe and compliant AI use.” BroadSource's SecureCall product, which earned Cisco's Top 3 Global Innovation Award, enables secure data input during phone-based customer interactions. Customers input card details or other personal information directly, while the merchant remains on the call without hearing sensitive tones. Data is transmitted securely for processing, bypassing the merchant's internal systems and eliminating storage liability. With new PCI DSS 4.0 standards taking effect and global regulations such as GDPR and CCPA evolving, businesses face growing risks for non-compliance. Placke noted that SecureCall removes this burden from the enterprise. “Companies can rely on BroadSource's own PCI certification for compliance,” he said. “That means fewer headaches for IT and finance leaders — and real value for the reseller who delivers the solution.” BroadSource is expanding SecureCall's capabilities under the SecurePII brand to address broader categories of personal data. The goal is to create a foundation of data minimization, enabling enterprises to leverage AI and LLMs (large language models) without running afoul of data protection laws. Placke likens the opportunity to the 1840s Gold Rush: “AI is the gold. BroadSource is the pickaxe and blue jeans — the tools every prospector needs to get started.” For resellers navigating the fast-moving AI landscape, Placke advises aligning with customer priorities. “Cybersecurity is the top concern for IT leaders,” he said. “Look at breach points like passwords and explore solutions that offer more secure alternatives. When you bring customers practical AI tools with compliance built in, you're not just selling a service — you're building trust.” BroadSource also offers EMU CAPP, a behavioral analytics product that uses AI to monitor user behavior on BroadWorks platforms and detect anomalies, helping prevent toll fraud. “Resellers should lean in,” Placke concluded. “There's a real opportunity to lead by helping your customers adopt AI safely.” For more information, visit broadsource.com or secure-pii.com.

Todd Mitchell, owner of Cybersecurity4biz LLC (a Disabled Veteran-Owned Small Business), is a retired US Navy veteran and cybersecurity expert with over 30 years of experience. He holds a Master's in Cyber Security Policy, an MBA, several IT Degrees, and certifications in ethical hacking. Todd has contributed to the NIST SP 800 series and helped shape cybersecurity controls for the Department of Defense, government agencies, and industries such as healthcare and finance. As a member of the NIST Small Business Cybersecurity Community of Interest, he shares insights to support the unique cybersecurity needs of small businesses. Todd specializes in helping solopreneurs and micro-businesses in the healthcare, financial, and government contracting industries achieve compliance with regulations like HIPAA, GLBA Safeguard Rule, PCI-DSS, and CMMC 2.0. He also empowers families to protect themselves from identity theft, cyberstalkers, cyberbullies, and online predators through prevention-focused strategies that foster a cyber-safe culture. The inspiration for Cybersecurity4biz came when Todd was in charge of designing software for the US Marine Corps Command and Control and implementing cybersecurity for the Defense Department. A friend's small business suffered data loss (a DJ got hacked and lost all his music), and Todd was asked to find someone to help him. After searching everywhere Todd realized solopreneurs and small businesses had no access to affordable cybersecurity resources. Despite calling dozens of companies, Todd found no one willing to work with businesses with fewer than 250 computers. Understanding that most small businesses can't afford or don't need enterprise-level solutions, Todd decided to fill the gap. After much encouragement from his friend, he left the corporate world to launch Cybersecurity4biz, offering practical, affordable solutions tailored to the needs of solopreneurs and micro-businesses. His mission? The “little guy” helping the “little guy.” Running his own business from home, Todd practices what he preaches, securing his home network and safeguarding client data, even amid the chaos of family IoT devices. Key Moments [04:53] Consolidating Government Software Systems [07:03] DJ Faces Crisis After Ransomware Attack [12:08] Cybersecurity Concerns and Awareness [13:10] Rethinking Modern Parenting Trends [17:45] "Phone for Communication Only" Find Todd Online Website: https://www.cybersecurity4biz.com/ Alignable Profile: https://www.alignable.com/alamogordo-nm/cybersecurity4biz-llc If you're enjoying Entrepreneur's Enigma, please give me a review on the podcast directory of your choice. The show is on all of them and these reviews really help others find the show. iTunes: https://gmwd.us/itunes Podchaser: https://gmwd.us/podchaser TrueFans: https://gmwd.us/truefans Also, if you're getting value from the show and want to buy me a coffee, go to the show notes to get the link to get me a coffee to keep me awake, while I work on bringing you more great episodes to your ears. →  https://gmwd.us/buy-me-a-coffee or support me on TrueFans.fm → https://gmwd.us/truefans. Follow Seth Online: Seth | Digital Marketer (@s3th.me) Seth Goldstein | LinkedIn: LinkedIn.com/in/sethmgoldstein Seth On Mastodon: https://indieweb.social/@phillycodehound Seth's Marketing Junto Newsletter: https://MarketingJunto.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud Connections 2025 Preview: BroadSource's SecurePII Takes Center Stage March 2025 – Technology Reseller News – BroadSource has officially launched SecurePII, a cutting-edge real-time redaction platform designed to protect Personally Identifiable Information (PII) in telecommunications networks. In a special Cloud Communications Alliance (CCA) podcast, Haydn Faltyn and Bill Placke from BroadSource joined Doug Green to discuss the technology, its market impact, and why service providers should take notice. The Growing Need for Real-Time PII Protection BroadSource has long been a leader in delivering technology solutions to cloud communications providers. With SecurePII, they are addressing a critical issue in telecommunications: how to protect PII that traverses carrier networks. The demand for real-time data redaction has surged due to increasing regulatory requirements, including CCPA, GDPR, HIPAA, and the evolving PCI DSS 4.0 standard. Faltyn explains: “We launched SecureCall as a PCI-compliant platform for credit card redaction last year. But service providers and enterprises alike need more—protection beyond just payment information. SecurePII extends our technology to safeguard all forms of personal data in voice communications.” Shifting the Compliance Conversation Placke highlights the legal and compliance challenges that enterprises face, as regulators worldwide introduce stricter measures around data privacy. “Legal teams are often forced to say ‘no' to new initiatives because of concerns over PII exposure. SecurePII flips the script—by redacting sensitive data in real time, businesses can fully leverage AI, analytics, and automation without compliance roadblocks.” A Game Changer for AI-Driven Business Communications The rise of AI and large language models (LLMs) has created a data dilemma for enterprises: how can they safely utilize voice data for AI applications, customer analytics, and automation without violating data privacy laws? With SecurePII, BroadSource provides a solution that allows organizations to extract value from their data without storing or processing sensitive customer information. By removing PII in real-time, businesses can: Enhance AI training models without compliance risks Increase customer trust by ensuring privacy protection Reduce operational risks and costs associated with data breaches and regulatory fines Impact on Contact Centers and CX A core use case for SecurePII is contact centers, where credit card details, account numbers, and personal information are frequently exchanged over voice channels. The platform ensures: Seamless transactions without the risk of human agents being exposed to sensitive data A frictionless customer experience that retains the personal touch while safeguarding information Higher revenue retention—BroadSource has observed a 9% increase in revenue when businesses implement SecurePII in customer interactions BroadSource's SecurePII Roadmap and Upcoming Events The launch of SecurePII marks a new strategic direction for BroadSource, emphasizing data security as a core value for service providers. Faltyn and Placke will be presenting SecurePII at: Cavell's Summit Europe 2025 – A premier event for cloud communications leaders Cloud Connections 2025 (CCA Conference, St. Petersburg, FL) – Where BroadSource will showcase SecurePII's capabilities to global service providers Where to Learn More SecurePII is now live, and service providers can integrate it into their networks today. BroadSource has also launched a dedicated website for SecurePII, providing resources, case studies, and implementation details. Visit: www.securepii.cloud BroadSource's mission is clear—to empower service providers with the tools to protect their networks, comply with global regulations, and enable the future of AI-driven business communications. With SecurePII,

In this episode, we delve into the relevance and implementation of DMARC (Domain-based Message Authentication, Reporting & Conformance) in today's email security landscape. The discussion covers how major organizations like Google, Yahoo, and Microsoft have started enforcing DMARC policies to combat spam, especially for high-volume email senders. We also explore the importance of continuous monitoring and the potential pitfalls associated with implementing DMARC improperly, including real-world examples highlighting the consequences. Join us to learn about the nuances of DMARC, from setting it up to ensuring seamless communication across departments, and why it is crucial for your organization's email security strategy.Resources: https://easydmarc.com/blog/dmarc-pci-dss/ 00:00 Introduction to PCI and Podcast Focus01:52 The Rise of DMARC in 202404:06 DMARC Implementation Challenges09:17 Importance of Continuous Monitoring12:38 Vendor Changes and Their Impact18:30 Implementing DMARC: Tips and Pitfalls31:59 Conclusion and Final Thoughts

Send us a textUnlock the secrets to safeguarding your cloud storage from becoming a cyber attack vector in our latest episode of the CISSP Cyber Training Podcast with Shon Gerber. Discover how neglected AWS S3 buckets can pose significant threats akin to the notorious SolarWinds attack. Shon breaks down the importance of auditing and access controls while providing strategic guidance aligned with domain 6.1 of the CISSP to fortify your knowledge for the exam. This episode promises to equip you with the essential tools to protect your cloud infrastructure and maintain robust security practices.Transitioning to security testing, we explore various methodologies and the vital role they play in incident readiness and data integrity. From vulnerability assessments to penetration testing and the collaborative efforts of red, blue, and purple teams, Shon sheds light on the automation of these processes to enhance efficacy. We also demystify SOC 1 and SOC 2 reports and discuss their criticality in vendor risk management and regulatory compliance. With insights into audit standards like ISO 27001 and PCI DSS, this episode is your comprehensive guide to understanding and applying security measures across diverse sectors.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Conor Freeman (x.com/conorfrmn) stole money online. Lot's of it. In this episode we talk with him, and hear how he did it, why he did, and what he spent it on.Conor's website: https://conorfreeman.ieConor's X: https://x.com/conorfrmnSponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries.Support for this show comes from ZipRecruiter. ZipRecruiter has solved the hiring problem. Employers prefer it the most for so many reasons. Let's start by telling you about their matching technology. They work hard to find the best candidates for your needs, and will instantly show you results once you post a job listing. ZipRecruiter will speed up your hiring process. See it for yourself at www.ziprecruiter.com/DARKNET.Sources https://www.cbc.ca/news/canada/toronto/kidnapping-toronto-businessman-cryptocurrency-1.7376679 https://www.irishtimes.com/news/crime-and-law/courts/circuit-court/man-jailed-for-role-in-2-million-cryptocurrency-theft-1.4411641 https://www.irishtimes.com/news/crime-and-law/dun-laoghaire-man-could-face-108-year-us-prison-term-over-alleged-hacking-and-wire-fraud-1.3887715 https://www.sundayworld.com/crime/irish-crime/irish-authorities-to-transfer-2m-in-stolen-cryptocurrency-back-to-us-owners-after-cab-probe/40576219.html

Join security veteran Ken Foster and Sotero CEO Purandar DAS for a discussion on the new PCI DSS V4.0 certification. In this second part, we go deeper on the actual practical side of getting this standard up and running in your environment! Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

Join security veteran Ken Foster and Sotero CEO Purandar DAS for a discussion on the new PCI DSS V4.0 certification. Who should be implementing it, when should it be up and running and, most importantly, why do you really want to do that? This first part of our interview with Purandar and Ken has (almost) all the answers! The rest is coming your way next week! Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

As most in the industry know, a QSA must get certified by the PCI Security Standards Security Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Created in 2004 by major credit card brands, such as Visa and American Express, the council acts as a form of self-regulation. So, how did Weaver become an expert on PCI, and what types of solutions does it offer its clients? On this episode of Weaver: Beyond The Numbers, host Tyler Kern talked with Trip Hillman, Director of Cyber Security Services at Weaver, and Kyle Morris, Manager of IT at Advisory Services at Weaver. The trio dug into insights from Weaver's Quality Security Assessor and explored how Weaver dove headfirst into PCI. The PCI DSS applies to organizations that store, process, transmit or could affect the security of cardholder data. Companies that fall under this standard could do a variety of things, such as an annual self-assessment questionnaire, or bring in a third-party, independent QSA to do a full-blown report on compliance audit. Morris is a QSA and started at Weaver about eight years ago. A few years into his career, they had a client, a service provider, start getting asked by their customers if they knew anything about PCI and the report on compliance. At the time, they hadn't done anything with it, but decided to figure it out. That morphed into Weaver diving headfirst into PCI. “We help people with self-assessment questionnaires or SAQs and everything from full-on ROCs for Fortune 50 Cloud Providers to small merchants to SaaS solutions,” Morris said.

SummaryThis conversation explores the U.S. Army's investment in cybersecurity compliance for small businesses, the importance of mentorship in the defense industry, and the unique career path of Sabrina McIntyre at KPMG. Sabrina discusses her transition from art to cybersecurity, the challenges of navigating compliance standards, and her advocacy for women in the field. The episode also touches on the intersection of art and cybersecurity, the vision for a cybersecurity museum, and fun personal insights from Zabrina's life.TakeawaysThe U.S. Army is investing in small business cybersecurity compliance.Certification programs can help defense contractors meet compliance.Creating a secure environment for small businesses is essential.Mentorship programs are crucial for small business growth.Zabrina's career path showcases the value of diverse experiences.Understanding compliance standards like PCI DSS is challenging but necessary.Being open to new opportunities can lead to fulfilling career paths.Women in Cybersecurity is making strides in community building.Creativity is important in the cybersecurity field.Cybersecurity education should be accessible to all.titlesInvesting in Cybersecurity for Small BusinessesNavigating Compliance in the Cybersecurity LandscapeZabrina McIntyre: A Unique Career JourneyEmpowering Women in CybersecuritySound Bites"Certification program for defense contractors""Largest federal government mentor-protege program""Cybersecurity maturity model is crucial""Be your own best advocate in your career""If you can see it, you can be it""We need more creative people in cybersecurity""Cybersecurity should be accessible to everyone""Umbrellas don't work in Seattle" Chapters00:00 Introduction to the Next Generation Commercial Operations Program02:51 The Importance of Cybersecurity Compliance for Small Businesses05:45 Zabrina McIntyre's Role at KPMG08:54 Zabrina's Unique Career Path11:51 Navigating Cybersecurity Standards14:48 Advice for Aspiring Cybersecurity Professionals17:58 Women in Cybersecurity: Building Community20:59 The Intersection of Art and Cybersecurity24:04 Zabrina's Vision for a Cybersecurity Museum27:02 Lifestyle Polygraph: Fun Questions with Zabrina30:09 Key Takeaways and Closing Thoughts 

Host Dave Sobel engages in a thought-provoking conversation with Josh Hoffman, the Chief Revenue Officer at ControlCase. They delve into the complexities of compliance in the regulatory landscape, particularly in the United States, where a patchwork of state laws creates confusion for businesses. Hoffman emphasizes the challenges faced by clients navigating compliance requirements, highlighting the need for expertise and support, especially for Managed Service Providers (MSPs) who can play a crucial role in guiding their clients through these intricate processes.Hoffman discusses the increasing complexity of compliance requirements, such as the new controls introduced by PCI DSS and the chaos surrounding the Cybersecurity Maturity Model Certification (CMMC). He advocates for a more streamlined approach, suggesting that the industry should work towards simplifying compliance standards to make it easier for businesses to understand and implement necessary measures. ControlCase aims to facilitate this process by offering tools that allow clients to "assess once, comply to many," thereby reducing the burden of compliance and enabling MSPs to monetize their services effectively.The conversation shifts to the challenge of linking cybersecurity efforts to tangible business outcomes. Hoffman explains that while cybersecurity is often viewed through the lens of risk management, it is essential for businesses to recognize the value of a strong cybersecurity posture in protecting their reputation and client data. He encourages MSPs to communicate the importance of cybersecurity to their clients, particularly in industries like law and finance, where safeguarding sensitive information is paramount. By framing cybersecurity as a critical component of business credibility, MSPs can help clients understand the broader implications of their investments in security measures.Finally, the discussion touches on the role of artificial intelligence (AI) in compliance and cybersecurity. Hoffman shares insights into how ControlCase is leveraging AI to enhance the efficiency and accuracy of compliance processes. He notes that AI can significantly improve the speed at which evidence is processed and assessed, ultimately benefiting both clients and MSPs. As the conversation concludes, Hoffman expresses optimism about the future of compliance and cybersecurity, emphasizing the potential for AI to transform the industry and make compliance more manageable for businesses. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

https://www.valuechain.pro/fr/clientshttps://www.linkedin.com/in/khazzaka/

In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

#entrepreneur #elonmusk #podcast #millionaire Use code "STORYTIME" to get 20% OFF ALL TICKET PURCHASES to Cape Town 10s on the 31st January - 1st February - https://10s.co.za/capetown10sinfo JP van der Spuy is a South African entrepreneur and tech innovator known for his significant contributions to fintech and the online gaming industry. He co-founded Callpay, a fintech company specializing in secure and efficient online payment solutions. Under his leadership, Callpay became the first African company to achieve Level 1 PCI-DSS compliance, processing over R20 billion in transactions for thousands of merchants before being sold in 2021 for a valuation exceeding R100 million. In 2022, Van der Spuy launched Play.co.za, a sports betting and online gaming platform designed to shake up South Africa's burgeoning gaming market. The platform has attracted partnerships with major brands like ESPN Africa and Tropika Island of Treasure. His ventures demonstrate a blend of innovation and market insight, making him a prominent figure in South Africa's digital and gaming landscapes. Don't forget to like and subscribe FOR MORE INFO JP Van Der Spuy - https://www.instagram.com/jpvanderspuy/ Play.co.za - https://www.instagram.com/play.coza/ Cape Town 10s - https://www.instagram.com/10sseries/ Joshua Eady - https://www.instagram.com/justblamejosh/ Storytime Podcast - https://www.instagram.com/storytimepodcastjosh/ LISTEN Spotify - https://spotifyanchor-web.app.link/e/... Apple Podcast - https://podcasts.apple.com/us/podcast... Amazon Podcast - https://a.co/d/cyCUGeB

In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Recorded on-stage at Øredev 2024, Fredrik talks to IT security expert David Jacoby about his way into IT security. What was it like to get interested in computer security early on, and to try start working with it before there really was an awareness of even the need for more security information? And when did the switch happen from annoying but harmless viruses and malware to the modern information stealing and blackmailing? Finally, a horror movie tip. Many thanks to Øredev for inviting Kodsnack again, they paid for the trip and the editing time of these keynote recordings, but have no say about the content of these or any other episodes. Thank you Cloudnet for sponsoring our VPS! Comments, questions or tips? We a re @kodsnack, @tobiashieta, @oferlundand @bjoreman on Twitter, have a page on Facebook and can be emailed at info@kodsnack.se if you want to write longer. We read everything we receive. If you enjoy Kodsnack we would love a review in iTunes! You can also support the podcast by buying us a coffee (or two!) through Ko-fi. Links Øredev All the presentation videos from Øredev 2024 David Why do cyberattacks persist? Unmasking the hidden vulnerabilities in digital transformation - David's keynote doesn't seem to be out in video form yet Kent Beck Beth Andres-Beck Kent and Beth's keynote BBS Sanne Femling - on the program committe for Øredev 2024 Outpost24 - where David was employee #1 PCI DSS - payment card industry data security standard DORA - digital operational resilience act Junkie - the MS-DOS virus. “Like a few other viruses by that time, it caused more panic than any actual damage.” Ransomware The police trojan Tucker & Dale vs. evil Support us on Ko-fi! Titles BBS systems and common acquaintances Don't talk about the keynote Do some hacking on stage For you, I'll do it 30 years as an ethical hacker Somehow cheat the system A cat and mouse game Still way behind

Learn more about cyber risks for small businesses: Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know what PCI even means? This episode is for you.Learn how SecurityMetrics can help you navigate this regulatory landscape. We'll discuss:Why your processor is making you do PCI compliance: Did you know that nearly half of all cyberattacks target small businesses?What calling into SecurityMetrics looks like. Learn what information you need handy so you can get your compliance done as quickly as possible, and the questions you should ask to get the best service.Support Stories: Discover how other small businesses have successfully leveraged SecurityMetrics to achieve compliance.Tips and Tricks: Get practical advice on how to optimize your PCI compliance efforts and minimize risks, keeping your business and your customers more secure.Whether you're just starting your PCI compliance journey or looking to improve your existing processes, this video will provide valuable insights and actionable advice.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Purandar Das, the Founder and CEO of Sotero, a global leader in data security and ransomware prevention and Ken Foster, a Cybersecurity, Architecture, and Compliance Expert.The conversation touched on the latest requirement update to the PCI-DSS 4.0, and what motivated this latest update; what types of businesses need to comply with PCI-DSS 4.0, when the deadline for compliance is, and the risks of non-compliance; the reasons for an increased focus on encryption and real-time anomaly detection in PCI-DSS 4.0; how the new update to the PCI-DSS will impact day-to-day operations, and cost implications for organizations; how Sotero helps organizations achieve PCI-DSS compliance; how businesses can leverage PCI-DSS 4.0 compliance as a competitive advantage, and what the future look like for data security standards; and lots more.Support the show

Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. Host Tom Fox takes things differently in this episode by welcoming Rui Ribeiro, Co-Founder and CEO at Jscrambler, the podcast's sponsor. Rui discusses innovative measures in client-side security and PCI DSS compliance, his professional background, and the significance of the PCI DSS Version 4 update in enhancing client-side environments, mainly focusing on controlling third-party vendors to prevent unauthorized data access. The discussion outlines the strides taken in making transactions secure and offers insights into the broader implications of data privacy and compliance trends. Listeners will gain a comprehensive understanding of the intersection between technology and compliance in the context of data security alongside the evolving regulatory landscape. Key highlights: Exploring Client-Side Security and PCI DSS Compliance The Importance of PCI DSS Version 4 Challenges and Solutions in Client-Side Security Jscrambler's Role and Customer Engagement Future of Client-Side Security and Compliance Resources: Rui Ribeiro on LinkedIn Jscrambler Tom Fox Instagram Facebook YouTube Twitter LinkedIn

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.Learn more about IS Partners: https://itspm.ag/isparto2jkNote: This story contains promotional content. Learn more.Guests: Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]On LinkedIn | https://www.linkedin.com/in/ian-terry/Robert Godard, Partner, IS Partners [@ISPartnersLLC]On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/ResourcesLearn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partnersLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.Learn more about IS Partners: https://itspm.ag/isparto2jkNote: This story contains promotional content. Learn more.Guests: Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]On LinkedIn | https://www.linkedin.com/in/ian-terry/Robert Godard, Partner, IS Partners [@ISPartnersLLC]On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/ResourcesLearn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partnersLearn more about HITRUST: https://itspm.ag/itsphitwebLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Join us on this extra long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approaching, understanding the new requirements for e-commerce is crucial.In this episode, our panelists discuss:Understanding PCI 4.0 for e-commerce: Learn about the key changes and their implications for your business, especially if you're a small or medium-sized enterprise.Combatting e-commerce skimmers: Discover how attackers target online transactions and the measures you can take to protect your customers' data.The power of script analysis: Understand how script scanning can help identify and mitigate vulnerabilities on your e-commerce website.Securing dynamic content: Explore the challenges of protecting websites with constantly changing content.Choosing the right security solution: Weigh the pros and cons of agent-based and agentless solutions, considering the specific needs of your business.Whether you're a seasoned PCI professional or just starting your compliance journey, learn this episode provides valuable insights to help you safeguard your e-commerce business and protect your customers' sensitive information.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Send us a textUnlock the secrets to enhancing your organization's security posture by mastering the art of security audits. Tune in to discover how security audits play a pivotal role in both the CISSP exam and real-world scenarios. Through personal anecdotes and expert insights, we explore how conducting effective audits with departments like finance can transform your approach to cybersecurity. We also introduce Vuln Hunter, an innovative open-source tool showcased at the No Hat Security Conference, designed to detect Python zero-day vulnerabilities. Learn how this tool could be a game-changer for your development team by catching issues like cross-site scripting before they make it into your live code.Navigate the complexities of security assessments versus audits as we break down these critical processes. With a focus on setting clear parameters to ensure efficiency, we explore the importance of understanding potential risks and planning effective responses. Through discussions on the roles of internal, external, and third-party audits, we highlight the necessity of senior leadership buy-in for successful internal audits and the strategic value of aligning your security efforts with regulatory compliance frameworks such as PCI DSS, NIST, or ISO 27001.Finally, join us as we spotlight the charitable mission of the CISSP Cyber Training program. Every dollar from this initiative goes toward supporting a nonprofit organization dedicated to helping adoptive children and their families. Driven by a personal passion for making a difference, we're dedicated to using this platform to foster both cybersecurity knowledge and positive social impact. Help us spread the word by rating us on platforms like iTunes and YouTube, and be part of a cause that matters.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

Sheryl Benedict is a PCI DSS enthusiast and information security and compliance leader with over 25+ years of experience in providing various services for companies ranging from small private companies to Fortune 50 / 500 Global Organizations. She is also one of 24 globally renowned PCI SSC women in payments leaders in the payments industry. She was a PCI DSS speaker at the North America and Europe PCI SSC community meetings and a global PCI DSS speaker for Cyberwise conference in Turkey. Join us as we dig into PCI concerns for small and midsized businesses.

Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activityAre you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss their journey of creating a guide designed to help families have conversations about online safety.In this episode, you'll learn:Why open communication is key: Discover how Sean and Emma fostered an environment of trust and understanding about online safety.Common online dangers: Understand the risks your child may face, such as sharing personal information, cyberbullying, and meeting strangers online.Practical tips for parents: Get actionable advice on how to set boundaries, have difficult conversations, and create a safe online space for your child.Whether you're a new parent or a seasoned digital native, this podcast will help you start conversations and find resources to help you protect your child in the ever-evolving online world.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Send us a textEver wondered how a TI-84 calculator can be transformed into a powerful tool for ChatGPT? Join me, Sean Gerber, on this thrilling episode of the CISSP Cyber Training Podcast as we uncover this fascinating tale and explore the evolving landscape of data security. We'll dissect the crucial elements of Domain 2.6 of the CISSP exam, from protecting data-at-rest to data-in-motion, and delve into the significance of Digital Rights Management (DRM) and Data Loss Prevention (DLP). This episode promises to enlighten you on the challenges and solutions of safeguarding data in today's tech-driven world.Next, we'll explore the meticulous process of establishing a robust labeling schema for data within an organization. Learn how to effectively implement physical and digital labels—such as unclassified, secret, top secret, and confidential—using color coding for easy identification. We'll stress the importance of consistent terminology, well-documented procedures, and controlled access to data classification changes. Discover how to tailor security controls to fit various organizational needs and the pivotal role of IT security leaders in guiding departments to enhance their security measures.Finally, we address the critical task of aligning IT security controls with an organization's risk tolerance and operational needs. Understand how focusing on critical assets can optimize data protection without spreading resources too thin. We'll highlight the importance of adhering to security frameworks like NIST, GDPR, or PCI DSS, and the role DRM and DLP play in preventing unauthorized data exfiltration. Plus, we'll introduce Cloud Access Security Brokers (CASBs) and discuss their crucial function in enforcing security policies between organizational networks and cloud service providers. This episode is packed with invaluable insights to prepare you for the CISSP exam and elevate your cybersecurity knowledge.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

Links from the episode:https://405d.hhs.gov/Discover the latest trends and threats in healthcare cybersecurity. This episode explores the real-world impact of cyberattacks on patient care, the vulnerabilities of medical devices, and the strategies organizations can implement to protect their sensitive data.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Confused about PCI DSS compliance standards? This video breaks down each available SAQ type, including: SAQ-A, SAQ P2PE-HW, SAQ D for Service Providers, and the newly introduced SAQ SPoC for PCI DSS 4.0.Learn which one is right for your business based on your payment processing environment.Learn about:Different SAQ types for merchantsEligibility criteria for each SAQ typeFactors to consider when choosing a SAQ typeSimplifying your PCI complianceListen now to learn what your business can do to protect itself from data breaches and be compliant.#PCIcompliance #paymentsecurity #merchant #smallbusiness #cybersecurityhttps://www.youtube.com/watch?v=XoR0Tt8uHl4 Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

In the episode, Guy Shalom, the CEO of Glassix, shared the personal story behind the company's inception. Glassix began as a solution to a personal challenge: both of his parents have the same disability, which made effective communication challenging.  This experience inspired Guy to develop a solution that could improve communication not only for his parents but also for customers facing similar difficulties. Over time, this idea expanded and evolved, ultimately becoming Glassix—a company dedicated to improving the customer experience through advanced digital channels and messaging platforms. This journey from a personal challenge to a broader mission encapsulates the company's commitment to making customer interactions more seamless and accessible. Guy was joined by his Head of Product, Yoad Rashti and his CTO, Boaz Katan as I stretched my podcasting limits with three guests at one time!

In the episode, Guy Shalom, the CEO of Glassix, shared the personal story behind the company's inception. Glassix began as a solution to a personal challenge: both of his parents have the same disability, which made effective communication challenging.  This experience inspired Guy to develop a solution that could improve communication not only for his parents but also for customers facing similar difficulties. Over time, this idea expanded and evolved, ultimately becoming Glassix—a company dedicated to improving the customer experience through advanced digital channels and messaging platforms. This journey from a personal challenge to a broader mission encapsulates the company's commitment to making customer interactions more seamless and accessible. Guy was joined by his Head of Product, Yoad Rashti and his CTO, Boaz Katan as I stretched my podcasting limits with three guests at one time!

How prepared is your organization to tackle the growing threat of client-side attacks? In this episode of the Tech Talks Daily Podcast, I sit down with Lynn Marks, Senior Product Director at Imperva, a Thales company, to discuss the rise of Magecart attacks and the implications of the newly updated PCI DSS 4.0 standards. Client-side attacks, like Magecart, have been a looming threat since 2015, gaining significant traction as digital transformation accelerated during the global pandemic. As more businesses moved their operations online, the landscape for these attacks became increasingly fertile, putting sensitive customer data at risk. With the recent release of PCI DSS 4.0, the stakes have never been higher for organizations processing payments online. Lynn dives into the specifics of how these attacks operate, targeting vulnerable JavaScript to steal data directly from users, often without detection. We explore the key updates in PCI DSS 4.0, particularly the new requirements that demand businesses inventory, authorize, and monitor client-side scripts more rigorously. Lynn shares practical insights on how companies can navigate these requirements, mitigate risks, and enhance cross-team communication to protect against these sophisticated threats. What strategies should your business adopt to stay ahead of client-side attackers, and how can you ensure compliance with the evolving security standards? Tune in to this episode for an in-depth conversation on safeguarding your online transactions and staying resilient in the face of emerging cyber threats. After listening, I'd love to hear your thoughts—how is your organization adapting to the new PCI DSS 4.0 requirements?

Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in technology, and learn about the importance of automation and documentation in building secure and efficient cloud environments.This episode dives deep into DevOps practices, the role of Terraform, Azure vs AWS, and the challenges organizations face when adopting cloud technologies. Kyler shares valuable insights on overcoming common hurdles, fostering a blameless culture, and the future of DevOps. Don't miss this engaging conversation!Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

Send us a Text Message.Are you ready to ace your CISSP exam and propel your cybersecurity career to new heights? This episode of the CISSP Cyber Training Podcast promises to equip you with critical insights on data roles and regulations. From demystifying the responsibilities of data processors under GDPR to unpacking the PCI DSS framework essential for the financial sector, we leave no stone unturned. We'll also clarify the distinctions between asset owners and data owners, and explain who holds accountability for data classification under HIPAA. Plus, you'll get the lowdown on COPPA guidelines for protecting children's data and the intricacies of Singapore's PDPA regulation.But that's not all! Our deep dive into Security Roles and Responsibilities will provide clarity on the essential positions within the cybersecurity realm. Learn how administrators tackle system hardware and software, why data owners hold paramount accountability, and the specialized skills data custodians bring to the table. We also emphasize the significance of business and mission owners understanding SOX compliance, and the pivotal role of administrators in controlling access rights to data. To top it off, we offer career-boosting strategies—from enhancing resumes to negotiating contracts—designed to elevate your cybersecurity career to unparalleled heights. Don't miss this chance to gain knowledge and skills that will set you apart in this dynamic industry!Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

Worried about hotel hacking? This episode unveils the cybersecurity protocols of resorts like Atlantis. ️Dive deep into the unique challenges of cybersecurity in hospitality, from balancing guest convenience with ironclad defenses to training a diverse workforce.Tsega Thompson, Executive Director of Cybersecurity and Data Privacy at Atlantis Resorts, shares her insights on:Getting into CybersecuritySpecial Challenges of Cyber in the Hotel IndustryTraining your workforce effectivelyThis is your essential guide to cybersecurity in the hospitality industry, packed with valuable tips for travelers and hospitality professionals alike.Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide Get FREE security and compliance training ► https://academy.securitymetrics.com/ Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

In this episode, we dive deep into the critical topic of Combatting API Fraud. Join us for an insightful interview with Richard Bird, Chief Security Officer of Traceable, a leading company in API security and observability. Richard shares his extensive experience in the banking and financial services sector, highlighting the evolving landscape of API fraud and the challenges organizations face in mitigating these risks. We discussed the latest PCI compliance updates, findings from Traceable's recent survey, and the strategies financial institutions must adopt to protect their API ecosystems. Learn how unauthorized access, reputational damage, and financial loss are becoming significant concerns, and discover practical solutions to safeguard your organization. Some questions include: What are the most significant changes in PCI DSS 4.0 compared to previous versions? Can you explain the importance of determining an organization's merchant level in the compliance process? How should organizations approach defining the scope of their cardholder data environment (CDE)? What steps can businesses take to ensure they meet the March 2024 deadline for the first phase of PCI DSS 4.0? How can smaller businesses manage the potential costs and resource allocations needed for PCI DSS 4.0 compliance? and more... If you want to be our guest or suggest someone, send your email to info@globalriskconsult.com with the subject line "Guest Suggestion." Stay tuned for more expert discussions on Risk Management, Cyber Security, Sustainability, and the evolving role of the Chief Risk Officer.

All Things Internal Audit: Risk & Cyber Audit Opportunities with AI In this episode, thought leaders discuss the groundbreaking applications of AI in enhancing compliance programs, continuous risk assessment, and cybersecurity audits. Industry experts share real-world examples, such as the use of ChatGPT for PCI DSS compliance and dynamic risk scoring frameworks. Discover how AI is making audit processes more efficient, accurate, and cost-effective, and learn about the crucial role it plays in improving internal audit services. This conversation covers: AI's role in developing and testing PCI DSS compliance programs Training AI models on organizational systems for tailored risk assessments Continuous risk assessment through AI-powered automation AI applications in scenario analysis using cross-departmental data Enhancing dynamic and efficient risk assessment processes with AI AI in cybersecurity audits for improved accuracy and cost reduction Leveraging AI for better communication and collaboration in audits Real-world examples of AI tools streamlining risk assessment and compliance tasks Speakers: Brian Willis, LBMC senior manager, cybersecurity advisor Kunal Agrawal, Diligent customer success director Ethan Rojhani, Grant Thornton principal, risk advisory services Wes Luckock, Grant Thornton senior manager, AI, automation and analytics This episode is available on all major podcast platforms or on our YouTube channel.    

Terrina Taylor Shares Insider Secrets to Merchant Services and Payment ProcessingIn this episode, Dr. Tami Patzer talks with Terrina Taylor, an expert in merchant services specializing in merchant accounts and credit card processing equipment. With her extensive knowledge and experience, Terrina offers businesses a superior alternative to generic one-size-fits-all payment processors like PayPal, Stripe, and Square.Terrina's company provides a holistic, transparent, and growth-oriented approach to Payment Processing, focusing on building long-term partnerships with clients. Today, she'll be sharing her insights on payment processing systems, the importance of PCI-DSS compliance, and more, explaining what it all means for businesses looking to accept payments efficiently and securely.Terrina has a unique perspective, having grown up working in her family's salon business. When the pandemic hit, she had to navigate the shift to more contactless payment options, which led her down the path of researching merchant services in-depth. Terrina now partners with over 15 different payment providers, offering customized solutions for businesses of all sizes and risk levels.If you're a business owner frustrated with the limitations and hidden fees of generic payment processors, this episode is a must-listen. Terrina will explain the key differences between a true merchant account and the sub-merchant status offered by companies like PayPal and Stripe. She'll also dive into the importance of PCI-DSS compliance and how it helps protect businesses from fraud and chargebacks.Additionally, Terrina shares insights on working with high-risk businesses, the components of a payment processing system, and how businesses can potentially save thousands in fees by partnering with her team. She also provides valuable tips on customer service and how to get the fastest access to your funds.Listeners will walk away with a deeper understanding of the merchant services industry and actionable strategies to improve their payment processing setup. Whether you're a brick-and-mortar business, an online store, or operating in a high-risk industry, Terrina's expertise can help you find the right solution to get paid efficiently and securely.To connect with Terrina and learn more, visit her website at TerrinaTaylor.com, where you can download a free ebook with 51 common questions about merchant services.You can also find her on social media, including Instagram, Facebook, and LinkedIn.Schedule a free consultation with Terrina to assess your current merchant account and explore how her team can save you money and provide a superior customer experience.Source: https://businessinnovatorsradio.com/terrina-taylor-empowering-businesses-with-customized-merchant-accounts

Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization. This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them! While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/vault-bsw-9

Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization. This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them! While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/vault-bsw-10

Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization. This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them! While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/vault-bsw-10

Are you compliant yet? Scytale is the ultimate automation platform, helping SaaS companies with their information security compliance. It is the global leader in security compliance automation, helping companies get and stay compliant with security frameworks like SOC 1, SOC 2, ISO 27001, HIPAA, GDPR, PCI-DSS, and more without breaking a sweat. Our experts offer personalized guidance to streamline compliance, enabling faster growth and boosting customer trust. Connect with Meiran

On this episode of The Cybersecurity Defenders Podcast, we speak with Kane Narraway, Head of Enterprise Security at Canva, about Zero Trust architecture.Kane brings over a decade of experience to the table, specializing in enterprise security, cloud security, and risk management. He's known for his groundbreaking work in building zero trust architectures at some of the world's largest tech companies, often from scratch during the early days of zero trust when solutions were not readily available.Kane's career is marked by notable achievements, including integrating multi-billion dollar acquisitions and establishing robust security frameworks for regulations like SOC2, PCI-DSS, and HIPAA. He's not only a director who has scaled technology companies from startup to enterprise level but also a passionate leader who has nurtured diverse teams, promoting autonomy and inclusivity. Outside of his direct work, Kane is dedicated to giving back to the community—whether it's sharing cybersecurity insights, mentoring at boot camps, or volunteering at conferences. Join us as we gain insights from his extensive experience and innovative approaches to tackling some of the most complex challenges in cybersecurity today.Kane's blog can be found here.

“Especially if this is the first time an organization is creating a plan like this, the focus should really be working on it piece by piece to not be overwhelmed. So, start outsmall. What are the designated roles and responsibilities that you have? Then, determine how the plan can best fit your needs. This can be done by assessing what types of incidents are most detrimental to your organization.” - Christina AnnechinoHost Jara Rowe and guest Christina Annechino delve into incident response plans and tabletop exercises in this week's episode. We'll identify common challenges with developing incident response plans and the ins and outs of tabletop exercises. Gain tips on forming an incident response plan and insight into the documentation and testing requirements and compliance standards such as NIST, SOC 2, PCI DSS, and ISO 27001. We provide a comprehensive understanding of the critical elements and processes involved in incident response planning, compliance, and tabletop exercises.In this episode, you'll learn: What defines an incident, and what to include in an incident response plan to be prepared and compliant. Why tabletop exercises are essential for identifying any gaps in the documented processes and procedures and preparing teams for emergencies.How incident response plans and tabletop exercises are crucial in compliance readiness and maintaining security certifications. Things to listen for:[01:58 - 02:40] Definition of an incident and incident response plan[03:55 - 04:34] Tips for creating an incident response plan[04:51 - 05:25] The role of incident response plans in overall risk management[05:33 - 06:00] How incident response plan maintain security and annual certifications[06:21 - 07:05] Definition of a tabletop exercise and its role in incident response plans[07:10 - 08:18] How often to conduct tabletop exercises and their challenges and benefits[08:34 - 09:19] Addressing compliance-related aspects through tabletop exercises[09:30 - 09:59] Compliance standards and the importance of testing incident response capabilities[10:06 - 10:36] Demonstrating a functional incident response plan during compliance audits[10:47 - 10:56] Structure of documentation for incident response plans and tabletop exercises[11:07 - 11:43] Tips on creating an incident response plan and the purpose of tabletop exercises[12:1 - 15:15] Jara's receiptsResources:Data Security 101: Decoding Incidents and BreachesData Breach Preparedness: Developing an Incident Response Plan7 Tips for Talking to Your Customers After Getting HackedConnect with the Guest:Christina Annechino's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025. Segment Resources: https://info.obsglobal.com/pci-4.0-resources Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field is nothing short of legendary, and in this podcast interview, we uncover the profound insights and experiences that have shaped his unparalleled career. Winn Schwartau's journey began long before the mainstream recognition of cybersecurity as a critical discipline. As a thought leader and visionary, he foresaw the digital threats that would come to define our interconnected age. Join us as we delve into the early days of cybersecurity and explore the foresight that led Winn to become a trailblazer in the industry. An accomplished author, speaker, and strategist, Winn Schwartau has been at the forefront of shaping cybersecurity policies and practices. From his groundbreaking book "Information Warfare" to his influential work on the concept of the "Electronic Pearl Harbor," Winn has consistently pushed the boundaries of conventional thinking in cybersecurity. In this podcast episode, Winn shares his unique perspective on the evolution of cyber threats, the challenges faced by individuals and organizations, and the urgent need for a paradigm shift in cybersecurity strategy. Prepare to be captivated by the stories and experiences that have fueled Winn's advocacy for a more resilient and secure digital world. Whether you're a cybersecurity professional, an enthusiast, or simply intrigued by the profound impact of technology on our lives, this conversation with Winn Schwartau promises to be a journey through the past, present, and future of cybersecurity. Don't miss the chance to gain unparalleled insights from a true cybersecurity luminary. Tune in and discover the wisdom that only Winn Schwartau can bring to the table in this illuminating podcast interview. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-825

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025. Segment Resources: https://info.obsglobal.com/pci-4.0-resources Show Notes: https://securityweekly.com/psw-825

Join hosts Stan Wisseman and Rob Aragao as they explore the evolution of payment card security standards. With insights on PCI DSS 4.0, they dive into key changes and technology considerations. From data protection to application security, this episode offers crucial insights for organizations navigating compliance in an ever-evolving landscape.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com

In today's podcast, Craig Jeffery and Christin Cifaldi discuss PCI-DSS 4.0. They cover various aspects of PCI-DSS, including its objectives, principles, and requirements, as well as changes introduced in PCI-DSS 4.0, such as new requirements and updates to existing ones. At a glance: PCI-DSS v4.0

Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.The conversation begins with a key question: What is client-side protection?Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,' where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva's Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva's Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.Top Questions AddressedWhat is client-side protection?How can an organization protect itself against client-side attacks?What is the role of Imperva's Client Side Protection product in combating client-side security threats? Note: This story contains promotional content. Learn more.Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/lynnmarks1/Blog | https://thenewstack.io/author/lynn-marks/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttqCatch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify's single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices