Blog

Scoping is a key first step in any compliance assessment, and those who have been through the process understand how vital—and how tricky—it can be. Scoping is particularly crucial in PCI DSS, as drawing your boundaries largely determines which requirements your organization must satisfy, and when you’re operating within a Zero Trust environment, things appear to get more complicated.

Artificial intelligence (AI)—you’ve heard of it, you’re likely using it, and you know it’s already used everywhere and its reach will only likely increase. These days, the term "AI" is thrown around frequently, but because this technology is actually made up of many different subsets that generally all get thrown under the umbrella of AI, it can sometimes lead to confusion.

Though so much attention has been placed on secure coding to mitigate cyber threats to software, another emerging area of focus is the “software supply chain,” or the “software bill of materials” (SBOM). Why? Because software security doesn’t just depend on secure coding—the individual components of the software, or the SBOM—are equally critical.

Like all evolutions in technology, quantum computing promises to revolutionize problem-solving and to do so at speeds that are unimaginable for classic computers we know. However, this technological advancement also poses a significant threat to our current cryptographic systems and algorithms that underpin how the world protects and verifies information.

Comprised of both the PCI Secure Software Lifecycle (Secure SLC) Standard and PCI Secure Software Standard, the PCI Software Security Framework (SSF) is intended to help secure the design, development, and maintenance of software in payment environments. And while secure coding can be difficult, taking a conceptual approach to software development may make it—and PCI SSF compliance—a little easier.

While most healthcare providers don’t recognize that managing and securing payment data follows the same notions as managing and securing protected health information (PHI), from concept to implementation, these can, and should, work hand in hand.

As in nature, many elements function together to support the payment ecosystem, which—as a whole—creates what is our largely digital economy. Of course, due to the sensitivity of the information contained within that ecosystem, some elements are subject to compliance with the PCI DSS security requirements.

In the legendary Lord of the Rings series, leaders from different societies create a fellowship of nine different people tasked with saving Middle-Earth. The idea wasn’t originally to send nine, and there were obvious reservations about trusting some of the Fellowship with such a serious mission. (Looking at you, Pippin.)