The new European Union (EU) Regulation 2016/679 GDPR (General Data Protection Regulation) have gone into effect May 25, 2018. This will have a far-reaching effect and identify many possible repercussions for any organization collecting, processing, and/or storing any EU citizen’s information. Your company need not be located in any of the EU countries; rather if your company collects any EU citizen’s information, your company must adhere to and be complaint to the new regulation.
Organizational leaders must understand that comprehensive, risk-based decisions are vital to balancing the force multiplying effects of information systems with the risk of those systems being inherently vulnerable to exploitation. If you want to prevent or reduce the likelihood of an attack, you have to risk management strategy: how your organization will frame, assess, respond to and monitor risk over time.
PCI version 3.2 changes include penetration testing every six months, replacing SSL with TLS, having a formal process for detection and reporting critical security control failures, and multi-factor authentication for admin accounts.