Which PCI SAQ is Right for My Business?

Prove your payment card security to your bank through an SAQ.

Brand Barney, Security Support Director, CISSP
A PCI Self-Assessment Questionnaire (PCI SAQ) is a merchant’s statement of compliance. It’s basically proof that you’re doing what you’re supposed to be doing, security-wise. 

Essentially, a PCI questionnaire is a list of PCI DSS requirements that a business must review and attest to. Depending on how you process credit cards (and on how secure that processing method is), you may be required to fill out anything from a PCI SAQ A (14 questions) down to a PCI SAQ D (329 questions).
HIPAA Alphabet Soup: Unjumbling the Jargon

What do all those acronyms stand for anyway?

Tod Ferran, Security Analyst
Sometimes I wish I could ban acronyms from the planet. HIPAA includes many such acronyms, mostly security-related. You may come across them in actual HIPAA text, online during security research, or when talking to a healthcare compliance consultant.
CISSP? BA? IRP? What does it all mean!?

Here are the ones you should understand to fully grasp most HIPAA security requirements. 

PCI 3.0: What You Need to Know

What requirements changed from PCI 2.0, and why?

Gary Glover, Director of Security Assessments
PCI DSS 3.0 was released in November 2013, the latest in the standard’s line of major versions (1.0, 1.2, 2.0, 3.0). As always, the changes the PCI Council made address the latest vulnerabilities and include additional clarification and new guidance. 

While I won’t cover every single nitty-gritty aspect that changed from 2.0 to 3.0 (like all the clarifications), I’m covering the most important changes affecting the majority of merchants.

10 Tips for Keeping Security in the Budget

Security doesn’t have to be expensive to be effective.

Giles Witherspoon-Boyd, Enterprise Account Manager
Sometimes security can be an overwhelming (and expensive) burden for small businesses to bear. According to Spiceworks, the average annual IT budget for small and medium businesses is $192,000. How much of that is allotted to security? I would estimate less than 10%.

But if 10% is all you have to spend, let’s make it work to your advantage.

Is Working From Home HIPAA Compliant?

Securing remote access in healthcare environments.

Tod Ferran, Security Analyst
Do employees at your office like to work from home? Does the doctor regularly access patient data in another place besides your office? Do you use a third party for IT support or billing? 

They probably use a remote access application (like GoToMyPC, LogMeIn, or RemotePC) to reach your patient database from outside the office. 

That’s great for productivity, but often bad for security.