  • Business Continuity Plans within the PCI DSS

    A great many organisations have recently realised that their business continuity plans (BCPs) failed to consider a scenario in which a global pandemic necessitates total remote working. As such, continuing to maintain business as usual with staff confined to their homes has been challenging. Not least of the many challenges, this has created concerns PCI […]

  • Compliance in Christmas

    With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically. With the increase in the volume of […]

  • Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?

    The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]

  • 5 ways to reduce your PCI DSS scope

    Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve. So, it should be no surprise that scope reduction is one of […]

  • PCI DSS: Pros and Cons of Outsourcing

    In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and transmitting of cardholder data (CHD)? Let’s look at the benefits and disadvantages of outsourcing. Pros of outsourcing: Reduction of scope and in-scope processes. Any […]

  • To store or not to store? That is the multimillion-dollar (fine) question.

    This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it. Furthermore, if you do need it, make sure that you know everywhere it is […]

  • PCI DSS – The devil is in the…….diagrams

    When looking at the key success criteria for any PCI compliance programme, there is no disputing the importance attached to accurately scoping the cardholder data environment (CDE). Within this blog, we are not going to delve into the murky depths of why a network component may be in or out-of-scope (thank goodness, I hear you say), […]

  • Vulnerability assessment vs. Penetration testing

    Vulnerability assessment vs. penetration testing: can things go wrong? There seems to be a market trend to offer a vulnerability assessment and package it as a penetration testing exercise. Both are security controls in ISO/IEC 27001:2013 Annex A, and both have a distinct purpose and distinct deliverables. In addition, they both feature quite heavily within the […]