
Get Ready for your PCI DSS 4.0 Gap Assessment


It’s that time of the year when we earnestly weigh pushing tasks to next year, with a focus on what might be coming across our task lists. And perhaps you are looking at that PCI DSS 4.0 gap assessment as something to get done prior to 2024 budgeting season.

Early in the year might be the best time to do this gap assessment. If your QSA or consulting firm is comfortable including PCI DSS...


The Bob Loblaw Log Blog

Requirement 10

Logs play an important role in the security of your environment. They are a record of what happened and a means to reconstruct the events that led to a security incident. That’s only true if you capture all of them, if you protect their integrity, and if you are looking for the right things. These common pitfalls affect your ability to monitor your environment and meet PCI requirements.

Capturing all the Logs (10.2.1)

Many times during the annual...


Starbucks & PCI

Alternative Payments

Chapter 19 of our book goes through a number of fun topics, including alternative payment schemes, emerging technologies, and a prediction or two on where we see things going and how you can prepare for these changes. There are a couple that we wanted to expand on here in a blog especially with respect to your obligations with PCI DSS compliance.

In 2013, Branden authored a blog post that got a ton of attention....


Truncation is a Friend


We felt like the echoes just kept getting louder in the book. You don’t have to secure what you don’t store, which means your scope is reduced with a solid truncation strategy. In fact, truncation is the next best thing to secure destruction when it comes to scope reduction and PCI DSS.

When Branden worked for a large bank, this was the strategy he chose to employ in the areas subject to PCI DSS. In...