The New DIFC Data Protection Law of 2020

Introduction to DIFC Law No. 5 of 2020 Dubai International Financial Center (DIFC), Dubai’s financial services free zone, has issued a new Data Protection Law (DIFC Law No. 5 of 2020), replacing the current regime. The purpose of this law is to provide enhanced standards and controls for the processing and free movement of personal […]

PCI DSS Version 3.2 Released – Summary of Changes

So here it is, PCI SSC has officially released the final version of PCI DSS v3.2 standard document. PCI DSS v3.1 will retire after six months from now and organizations are required to use PCI DSS v3.2 for assessments during this period. The newly added requirements will be considered best practices till 31st January 2018. […]

PCI DSS Compliance Calendar – Activities and Checklist

Compliance to the PCI DSS standard is mandatory for all entities which store, process or transmit card-holder data associated with Visa, Mastercard, American Express, Discover and JCB. As part of this compliance the council requires organizations to undergo periodic assessments and evaluations. Vulnerability Assessments and Penetration Testing (VAPT) is a vital part of this requirement. Network […]

PCI DSS Segmentation Assessment

Network segmentation plays a vital role while complying with the Payment Card Industry Data Security Standard. Effective segmentation helps in reducing the scope of assessment, cost and risk to data security. The PCI DSS standard recommends that networks which process, store or transmit card holder data should be segregated and segmented from network environments that […]

Data Privacy – An Introduction

Definition of Information Privacy Wikipedia defines Information privacy as follows: Information privacy, or data privacy (or data protection), is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. Introduction When companies and merchants use data or information that is provided or entrusted to them, this data should be used according […]

Software Project Governance – Using SDLC Metrics

Software Project Governance – Using SDLC Metrics Software project costs generally form 40% of the total IT budget in most companies. However, seldom a software project meets all user requirements, is within the budget and is completed on time. Most software Projects fail to provide the required functionality in the scheduled time and budget. Thus, […]

Vendor Risk Assessment

Introduction Companies today have third party contracts with various vendors. Most of the process are outsourced to various companies. This is the most convenient and flexible way to work, so that overall management activities are limited to just vendor management alone. The quantum of work that is outsourced to third parties include not just IT, […]

Social Media Usage in the Enterprise

Introduction With the onslaught of SMAC – Social Media, Analytics, Mobility and Cloud Computing – in our personal as well as professional lives, we are spending a huge amount of time and energy in a digital world. Many organizations are faced with the challenge of how to handle and even leverage these technological innovations to […]