Blog
Page 29 of 153
What is PCI PA-DSS?
The Payment Application Data Security Standard (PA-DSS) is a program designed to help companies like software vendors build secure payment applications that don’t store “prohibited data,” such as full magnetic stripe, PIN data, or CVV2. PA-DSS makes sure payment applications support PCI DSS compliance. But, the use of a PA-DSS-compliant application by itself isn’t the […]
November 28, 2023
To Whom Does the CCPA Apply?
The California Consumer Privacy Act (CCPA) applies to certain for-profit businesses that collect or have collected the personal information of California residents, whether or not those businesses are located in California. Often compared to the European Union’s General Data Protection Regulation (GDPR), the CCPA is the most stringent data privacy law in the United States. […]
Tags: Audit Management, CCPA
What is COSO?
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed initially to enable the National Commission on Fraudulent Financial Reporting. It was founded by five significant professional associations: The American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA), and the […]
Tags: Audit Management, COSO
PCI Scope: What Is it & Best Practices
E-commerce is a huge commercial realm, with some 2.14 billion digital buyers worldwide by the end of 2021. At the heart of e-commerce is the ability to keep payment card data secure during online transactions, and at the heart of payment card security is Payment Card Industry (PCI) compliance. Technically, PCI compliance is not required […]
What Is a SOC 2 Readiness Assessment and Why Do You Need It?
SOC 2 audits are independent assessments of your company’s cybersecurity posture, and those audits are no walk in the park. Hence it would be wise for your company to undertake its own SOC 2 readiness assessment first, so that you can identify and correct problems before the external auditors find those issues for you. First, […]
Navigating the Waters of Change: A Risk Expert’s Roadmap for NYDFS Cybersecurity Regulation Compliance
In the fast-paced world of cybersecurity, change is not only constant but crucial. The New York Department of Financial Services (NY-DFS) demonstrated that principle on Nov. 1, 2023, when it completed a sweeping set of updates to its cybersecurity regulation. If you find yourself apprehensive about these changes, fret not — I’m here to guide […]
Cut Through Compliance Complexity with Consolidated Objectives
2023 has been a rough year, with large tech companies worldwide hit by huge fines for violating the EU General Data Protection Regulation (GDPR) and other compliance violations as well. Businesses can bring their best talent and technology to maintain regulatory compliance, but the plain truth is that as a business grows, so does the […]
Tags: Compliance, GDPR, Government
November 27, 2023
What is an SSAE 18 Audit?
The SSAE 18, or Statement on Standards for Attestation Engagements No. 18, auditing standards require that service organizations confirm and re-confirm third-party vendor certifications and controls on an ongoing basis. Overseen by the American Institute of Certified Public Accountants (AICPA), SSAE 18 governs how companies report on their internal controls. According to the AICPA, attest […]
Tags: Audit Management, SSAE 18
November 22, 2023
What Are the Differences Between FISMA and FedRAMP?
The U.S. federal government is one of the largest organizations in the world, and a vast number of private businesses provide goods and services to the government as federal government contractors. This means that those contractors must pay close attention to two cybersecurity standards: the Federal Risk and Authorization Management Program (FedRAMP) and the Federal […]
How to Prepare for PCI DSS 4.0 to replace PCI DSS 3.2.1
By Mike Killinger, GRC Solutions Consultant
As the world of digital payments evolves rapidly, staying ahead in terms of security standards is paramount for any business handling cardholder data. The introduction of PCI DSS 4.0 brings significant updates and enhancements aimed at strengthening payment security and overall cybersecurity in an increasingly complex cyber landscape. In […]