Dara Security

Archived News from 2016

Vulnerability Handling Policy – An Unexpected PA-DSS Surprise?

Point of Sale software vendors that have gone through, or are planning to go through, the PA-DSS validation process are aware of the requirements detailed within the Payment Application standard.  These requirements range from ensuring that proper software development and testing processes and support procedures are in place to detailed technical requirements around password and logging controls.  In addition, many vendors are aware that at the end of their validation process there is an attestation document and a Vendor Release Agreement that must be executed in order for the PCI SSC to...


The Importance of Cyber Security Awareness

October was National Cyber Security Awareness Month (NCSAM).  This annual campaign, now in its thirteenth year, is a collaborative effort between government and private industry to educate and engage everyone about cybersecurity.  Through the years, NCSAM has raised cybersecurity awareness for consumers of all ages, small businesses, corporations, and educational institutions.

This year’s theme was Our Shared Responsibility, suggesting that our individual behavior online affects many others whether we realize it or not.  Similar to previous years, NCSAM 2016...


Dara Security expands into the Latin American and Caribbean Region

Dara Security, an award-winning information security company, is pleased to announce a partnership alliance with Manexe, Inc., a growing provider of advanced technology for card payment management based in the Latin American and Caribbean (LAC) region.

With this partnership, Dara Security will provide to companies in the LAC region a suite of compliance and risk management services including the Payment Card Industry Security Standards Council’s PCI DSS and PA-DSS assessment services.  Dara Security will also bring to the LAC region its expertise in profiling and network...


PCI DSS 3.2 - End of April 2016

PCI DSS 3.2 is due out by the end of April 2016; however, participating members have been provided a draft copy of the standard to be released.  The release of the standard comes with some expected changes that not only clarify existing requirements, but also add some new ones that can bring a few new twists to one’s environment, most notably for service providers.  But first, let’s go over the requirements that affect everyone.

As already known, the date to stop the use of SSL/early TLS as a security control has been extended until June 30, 2018.  This...
