The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:

• How malicious actors use scripts to steal information
• Why PCI DSS requirements were added to deal with this threat
• Jscrambler’s approach to payment page script management 
  
  

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them.

Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• What an API is
• Why APIs are targets
• How to keep APIs secure

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode.

Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• How to understand PCI DSS 4.0 requirements 6.4.3 and 11.6.1
• What the risks are to payment page scripts in consumer browsers
• Some of the solutions available to meet these requirements

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:

• How Infosend approached the shift to being assessed against PCI DSS 4.0
• Why companies should make the shift to PCI DSS 4.0 now
• Advice offered to others making the transition to PCI DSS 4.0

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at Hacker One, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:

• Hackers vs. cybercriminals
• Vulnerability disclosure policies (VDPs) vs. bug bounties
• PCI DSS post-disclosure obligations 

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

Filmed at the 2023 PCI Community Meeting in Portland, Oregon.

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• His unique entry into cybersecurity
• How he continually found non-traditional ways to forge forward in his career
• How introspection and communication make him a better technology professional

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• The role of BT as a PCI Principle Participating Organization (PPO)
• PCI payment security groups BT is interested in collaborating on
• BT representation on the PCI Board of Advisors

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:

• Elements of a mature regulatory compliance program
• Steps you can take to create a mature compliance program in your organization
• Challenges you might face, and how to resolve them

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

We can more easily understand the impact of artificial intelligence on privacy and security if we start with an explanation of the types of AI models in use and where they exist in applications many of us already use.  Paul Starrett, CFE, EnCE of Privacy Labs and Starrett Law, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:

-Different types of machine learning
-AI governance and cyber risk
-Risks and rewards of artificial intelligence

Resources:
Privacy Labs
Starrett Law

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

Artificial Intelligence (AI) is a hot topic of the year. People want to understand how it will impact their lives and how they do business. Willy Fabritius, Global Head for Strategy and Business Development - Information Security Assurance at SGS, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:

• Issues for companies developing or using AI
• Concerns about privacy, transparency, and accountability
• How regulations or certifications could be applied

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.

If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place 

But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/