What is Formjacking?
Ecommerce Security

Formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form, most often a payment page form.

SAQ A: What to Know, and What to Do
SMB

Learn what’s required to fill out SAQ A.

Incident Response: 10 Things to Do if You Have a Data Breach
Forensics

Learn how to effectively respond to security breaches and prevent future attacks.

PCI Compliance in the Cloud
PCI

Learn how PCI compliance in the cloud affects your organization. "The cloud" brings up an idea of something mysterious and far away, but in reality, “the cloud” is a third-party-managed physical server.

Role Based Access Control for HIPAA Security
HIPAA

Healthcare providers are responsible for making sure that those with access to ePHI require that access to adequately do their jobs.

5 Steps to Making a Risk Assessment
Risk Assessment

Making a risk assessment, or risk analysis, is the first step in Security Rule compliance.

Firewalls 101: 5 Things You Should Know
Data Security

What are firewalls and how do they help protect your business?

5 Tips to Boost Your Business's Physical Security
Data Security

Many businesses don’t often realize how physical security can help protect their card data.

Network Diagrams: Key to Compliance and Security
Data Discovery

If you were to ask network architects and engineers about their favorite part of the job, I doubt any of them will respond with “creating and maintaining network diagrams.”

PCI 4.0 Summary of Changes
PCI Trends

PCI 4.0 summary of changes including new requirements that have been added to the standard.

Scoping for PCI Compliance: What You Need To Know
PCI Audit

Scoping is determining what systems are covered or need to be assessed or included as part of your PCI compliance.

Auditor Tips: Requirement 7: Restrict Access
PCI Audit

Cardholder data and card systems should only be accessible to those who need that information to do their jobs. Once you’ve implemented access privileges, make sure to document them.

How to Test Your Incident Response Plan
Forensics

How to test your incident response plan and conduct tabletop exercises.

Auditor Tips: Requirement 6: System Updating And Software Development
PCI Audit

System administrators have the responsibility to ensure that all system components (e.g., servers, firewalls, routers, workstations) and software are updated with critical security patches within 30 days of public release.

BlogEngine.NET Directory Traversal + Remote Code Execution
Data Security

A remote code execution (RCE) vulnerability, CVE-2019-10719, was discovered in BlogEngine 3.3.7 and earlier.

PCI Assessment FAQs
PCI Audit

To address some of the most common questions we receive about PCI assessments, we sat down with Lee Pierce, a PCI assessment expert with over 15 years in the industry.

Auditor Tips: Requirement 10: Audit Logs and Log Monitoring
PCI Audit

It’s critical that you configure the log monitoring solution correctly so that the appropriate directories, files, security controls, and events are being monitored.

Auditor Tips: Requirement 11: Testing Security
Penetration Testing

If your organization is required to be PCI compliant, don’t procrastinate beginning the penetration test process.

PCI DSS 4.0 SAQ Questionnaires Q&A
PCI Trends

PCI DSS 4.0 SAQ Questionnaires Q&A: While future-dated requirements are not mandatory until March 31, 2025, it's recommended to implement them early for enhanced security.

Auditor Tips: Requirement 9: Improve Your Physical Security
PCI Audit

Once you know what systems you need to protect, put controls in place that can log and restrict access to them.

Auditor Tips: Requirement 8: Use Unique ID Credentials
PCI Audit

Requirement 8 is all about using unique ID credentials.

How Much Does GDPR Compliance Cost?
GDPR

How much does GDPR compliance cost?

SecurityMetrics NIST 800 30 Risk Assessment
Risk Assessment

Use a SecurityMetrics NIST 800-30 risk assessment framework when making your risk assessment.

6 Steps to Making an Incident Response Plan
Forensics

Developing and implementing an incident response plan will help your business handle a data breach quickly, efficiently, and with minimal damage done.