Blog

What Are HIPAA Compliant System Logs?

System logs are part of HIPAA compliance and specifically mentioned in two different requirements.

The Importance of Log Management

Log management and regular log review could help identify malicious attacks on your system.

System Hardening Standards: How to Comply with PCI Requirement 2.2

Merchants must “address all known security vulnerabilities and [be] consistent with industry-accepted system hardening standards.”

Social Engineering Training: What Your Employees Should Know

Learn how to help your employees be better prepared to fight against social engineering tactics.

What are Service Provider Levels and How Do They Affect PCI Compliance?

If you’re a service provider, you may have some different PCI requirements based on what level you are.

SAQ A-EP: The What and the How

The biggest difference between SAQ A and SAQ A-EP is based on how cardholder data is handled.

PCI DSS Version 4.0 SAQ Changes

There are some key changes to the PCI DSS 4.0 SAQ questionnaires you will want to be aware of.

Key PCI DSS 4.0 Requirement Updates

You will need to be compliant with PCI DSS 4.0 by March 31, 2025. We recommend starting your transition to 4.0 by reading the documents that explain the new PCI standard, including the executive summary, which has a lot of good information in it.

How Much Does HIPAA Compliance Cost?

Lack of budget is a plague that affects risk and compliance officers at health organizations of all sizes. This post will give you the information you need to more accurately plan your HIPAA budget.

HIPAA vs. PCI DSS Compliance

Why do you need to comply with PCI if you’ve already taken care of HIPAA?

Are Patient Sign-In Sheets a HIPAA Violation?

My stance on patient sign-in sheets is that unless there is a valid business reason for having them, don’t do it.

HIPAA Violations: Who is Responsible?

Is it your responsibility to ensure that your clinic is HIPAA compliant?

5 Tips to Implement Security Awareness at Your Company

Whether you’re a CIO, the head of IT, or in a non-security-related position, if your data security practices are unclear, your company is at greater risk of a data breach.

How to Perform a PCI v4.0 SAQ A Self-Assessment

Performing an SAQ A version 4.0 self-assessment: several new requirements, some that already existed in version 3.2.1 of the standard and some newly created for version 4.0, have been added to increase the security of outsourced ecommerce environments.

How to Manage a Healthcare Data Breach

Data breaches can be devastating. Here are 5 steps that will help you manage a healthcare data breach.

Are HTTP Websites Insecure?

There are two website prefixes: One shows the site you are on is secure (HTTPS), and the other does not (HTTP).

What is Tokenization and How Can I Use it for PCI DSS Compliance?

Tokenization is used for securing sensitive data, such as a credit card number, by exchanging it for non-sensitive data - a token.

Wireless Access Point Protection: 5 Steps to Find Rogue Wi-Fi Networks and Comply with PCI DSS Requirement 11.1

A rogue access point is a wireless access point installed on a secure network without the knowledge of the system administrator.

What Does a Cyber Forensic Investigation Do and How Much Does It Cost?

Learn what a forensic investigation accomplishes and how much it might cost.

Your Crash Course To HITRUST CSF Assessment Types

This blog will cover the three types of HITRUST CSF certifications. It will also cover what you can expect to achieve upon completion of each type of assessment and general guidelines on which assessment is best for your organization.

PCI DSS Compliance for Service Providers FAQ

PCI DSS compliance for service providers is necessary if your organization provides services to merchants that may affect the security of their merchant payment data.

PCI Requirement 11: Vulnerability Scans and Penetration Tests

PCI Requirement 11 discusses vulnerability scanning and penetration testing.

Do You Need a Web Application Penetration Test?

It’s important for your business to find and remediate any vulnerabilities your web applications may have. This is where web application penetration testing comes in.

Penetration Testing FAQs

We outline the penetration testing process in detail and answer some of the most frequently asked questions related to this important security test.