Updated for PCI DSS Version 2.0 where internal scanning is now required!
With the recent updates to PCI DSS, get all the facts and learn how to comply with our updated version of the book.
The book is a guide to understanding how to protect cardholder data and comply with the requirements of PCI DSS. It arms you with the facts, in plain English, and shows you how to achieve PCI Compliance. Discover:
. What the Payment Card Industry Data Security Standard (PCI DSS) is all about
. The 12 Requirements of the PCI Standard
. How to comply with PCI
. 10 Best-Practices for PCI Compliance
. How QualysGuard PCI simplifies PCI compliance
The SANS 20 Critical Security Controls are known for driving effective security programs across government agencies, establishing guidelines for security professionals to ensure the confidentiality, integrity and availability of information technology assets. This paper describes how automating these controls using QualysGuard can protect your organization with continuous security while drastically lowering costs.
Patching is a key strategy for managing vulnerabilities and ensuring enterprise-wide security. Unfortunately, there are often so many flaws in software that patching becomes an overwhelming process.
This white paper describes an approach to patch management that allows you to prioritize vulnerabilities that pose the greatest risk and accelerate the speed at which patches are applied. Also inside, find ten steps to improve patching – read on to learn more.
Vulnerabilities in web applications are a major vector for cyber-crime. In large organizations, vulnerable web applications comprised 54% of all hacking breaches and led to 39% of compromised records, according to the 2012 Data Breach Investigation Report by Verizon Business.
This paper describes how large enterprises can effectively discover, catalog and scan web applications to control this major risk vector as part of their organization’s overall vulnerability management program.
This guide explains how QualysGuard PC automates the "C" in GRCM by automatically scanning all assets, collecting operating system configuration and application access controls, mapping these to IT policy, and documenting compliance.