Posts Tagged: risk

Cyber Essentials Certification Body

We’re pleased to announce that Ambersail is a Cyber Essentials Certification Body and we can help you achieve either Stage 1 or Stage 2 compliance as required. Cyber Essentials is a UK Government-sponsored scheme open to organisations of all sizes. It includes a formal certification showing adherence to a basic set of information security controls. It is… Read more »

Barclaycard Risk Reduction Programme Position Statement

Barclaycard has issued the following positioning statement regarding the Barclaycard Risk Reduction Programme and its relationship with the PCI DSS and participating card schemes (Visa, Mastercard, Amex). If you’re a Barclaycard merchant participating in the BRRP, this positioning statement may be of interest to you. If you’d like to find out more about the BRRP,… Read more »

Risk Assessment Guidelines Information Supplement

You might be interested to read the recently published output from the PCI Risk Assessment SIG (Special Interest Group). There’s guidance in there on what constitutes a risk assessment process, and what it should cover. The document makes specific reference to PCI DSS requirement 12.1.2: “12.1.2 Includes an annual process that identifies threats, and vulnerabilities,… Read more »

PCI DSS Mandatory Risk Ranking

PCI requirement 6.2 “Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities” includes the additional note: “The ranking of vulnerabilities as defined in 6.2.a is considered a best practice until June 30, 2012, after which it becomes a requirement.” As the summer (at least in the Northern Hemisphere) is… Read more »