VISTA InfoSec is a cyber security consulting firm that has provided risk, compliance and information security advisory services to organizations for the past 16 years (established in 2004). Our key service offerings, which include PCI DSS, PCI PIN, PA DSS, PCI SSF, standards compliance (ISO 27001, ISO 20000…), regulatory compliance (HIPAA, SOC 1, SOC 2, GDPR, CCPA, PDPA, PDPB…), mobile/web application security services, cloud risk management, infrastructure advisory services and threat detection services, will give your business the right direction in achieving its compliance, customer SLA and IT infrastructure security goals. Our company has received numerous accolades, ranging from the Deloitte Technology Fast 500 Asia Pacific to Best Information Security Company of the Year awards, which stand as testimony to the quality of the services we offer.
You're very welcome! We're glad you found the video informative. As a company that specializes in compliance and audits, we know how important staying informed is. If you ever have any questions or need insights on regulatory standards, feel free to reach out!
That's great to hear! We're glad the testing helped clear up your doubts. If you have any more questions or need further clarification, feel free to ask.
Thanks for the support! 🚀 We're glad you found it helpful. Fintech startups definitely have a lot to navigate, and we're here to help with that. Stay tuned for more insights!
We're sorry to hear that you found the tutorial challenging. Your feedback is important to us, and we'll work on improving the pacing and clarity in future videos. We'll do our best to help!
Thank you so much for your feedback! We're glad you found the video helpful. API testing is an essential topic, and we're excited to dive deeper into it. Stay tuned for more videos coming soon, and if you have any specific topics or questions in mind, feel free to share them!
Thank you! We are glad you found the detailed explanation at 9:33 helpful. If you have any more questions or need further clarification, feel free to ask. Your feedback is much appreciated!
00:06 Preparing for a SOC 2 audit is crucial for compliance and can be challenging for first-timers.
02:46 Utilize pre-informative resources for audit preparation
07:00 Introduction to our company and services
09:09 Preparing for a SOC 2 Audit
13:42 SOC 2 audit is based on unique security requirements with over 480-600 requirements
16:08 SOC 2 audits by licensed and approved CPAs are essential for software audit independence.
20:14 SOC 2 Type 2 report requires implementation and consistency of controls.
22:03 New organizations can start with SOC 1 before progressing to SOC 2
25:43 Importance of Security in SOC 2 Audits
27:47 Software audit preparation involves initial kickoff, policy preparation, on-site audit, and annual audit
32:06 Qualifications required for SOC 2 audit
34:17 Performing gap analysis to identify and address gaps in processes and technology.
38:18 Comparison between ISO 27001 and SOC 2
40:27 Overlap between ISO and SOC 2
44:24 Importance of having policies and procedures for managing technologies
46:37 Requirements for preparing for a SOC 2 audit
50:58 Reminder to enjoy life despite challenges
Crafted by Merlin AI.
Thank you for your precious feedback. What we believe in is giving real-time explanations and examples so that you can understand things effectively. We will, however, try to keep the pace even slower so that you can follow 💯.
Excellent Video Brother. How to discover endpoints and hidden parameters for web application vulnerabilities SQL Injection, XSS, LFI, RFI, RCE, OS Command Injection, CSTI, and SSTI? Thanks
To discover endpoints and hidden parameters for web application vulnerabilities like SQL Injection, XSS, LFI, RFI, RCE, OS Command Injection, CSTI, and SSTI, you can use a combination of manual and automated techniques. Start with manual exploration by navigating the application, inspecting source code, and using browser developer tools to identify hidden form fields and JavaScript code. Complement this with automated tools such as web crawlers (e.g., OWASP ZAP, Burp Suite) and fuzzers to systematically uncover endpoints and parameters. Additionally, reviewing API documentation and monitoring network traffic can reveal less obvious endpoints and parameters that may be vulnerable to exploitation.
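The reply above lists the discovery techniques in prose. As an added example that is not part of the original comment or the channel's own material, the Python script below performs the first automated step it describes: it parses a page's HTML and inline JavaScript for same-origin links, form fields (hidden ones included), URLs referenced from script and their query parameters, and then builds canary-tagged probe URLs for each known and guessed parameter so that a reflected canary in a response can be spotted. The sample page, the hostname app.example.test and the short hidden-parameter wordlist are constructed for this example; no requests are sent.

```python
"""Endpoint and parameter harvesting from HTML + inline JS (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs

# Constructed sample page; not taken from any real application.
SAMPLE_HTML = """
<html><body>
<a href="/search?q=test&page=1">Search</a>
<a href="https://cdn.example.test/lib.js">CDN</a>
<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
  <input type="hidden" name="redirect" value="/home">
</form>
<script>
  fetch('/api/v1/users?id=42').then(r => r.json());
  $.ajax({url: "/api/v1/export", data: {format: "csv", debug: 1}});
  const tpl = '/render?template=' + name;
</script>
</body></html>
"""

# Quoted same-origin paths inside script, optionally with a query string.
URL_IN_JS = re.compile(r"""["'](/[A-Za-z0-9_./-]*(?:\?[^"']*)?)["']""")
# jQuery-style {url: "...", data: {...}} calls: path plus the data object body.
AJAX_DATA = re.compile(r"""url\s*:\s*["']([^"']+)["']\s*,\s*data\s*:\s*\{([^}]*)\}""")
# Assumption: a tiny wordlist of commonly forgotten parameter names.
COMMON_HIDDEN = ["debug", "admin", "redirect", "template", "file", "cmd", "id"]


class EndpointHarvester(HTMLParser):
    """Collects same-origin links, form actions, input names and inline scripts."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.endpoints = {}      # path -> set of parameter names seen for it
        self.scripts = []        # raw inline <script> bodies, parsed afterwards
        self._in_script = False
        self._form_action = None  # action of the form currently being parsed

    def add(self, url, params=()):
        """Record a path and any parameter names (from its query or explicit list)."""
        full = urljoin(self.base, url)
        if urlparse(full).netloc != urlparse(self.base).netloc:
            return  # third-party host: out of scope for this target
        parsed = urlparse(full)
        bucket = self.endpoints.setdefault(parsed.path, set())
        bucket.update(parse_qs(parsed.query, keep_blank_values=True))
        bucket.update(params)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.add(a["href"])
        elif tag == "form":
            self._form_action = a.get("action", "")
            self.add(self._form_action)
        elif tag in ("input", "select", "textarea") and a.get("name") \
                and self._form_action is not None:
            self.add(self._form_action, [a["name"]])  # hidden inputs included
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def harvest(html, base="https://app.example.test/"):
    """Return {path: sorted parameter names} for every same-origin endpoint found."""
    p = EndpointHarvester(base)
    p.feed(html)
    js = "\n".join(p.scripts)
    for m in URL_IN_JS.finditer(js):
        p.add(m.group(1))
    for m in AJAX_DATA.finditer(js):
        keys = re.findall(r"(\w+)\s*:", m.group(2))  # object keys become params
        p.add(m.group(1), keys)
    return {path: sorted(params) for path, params in sorted(p.endpoints.items())}


def build_probes(endpoints, base="https://app.example.test/", canary="zx9q7",
                 wordlist=COMMON_HIDDEN):
    """Build one probe URL per (endpoint, known-or-guessed parameter).

    Each value is the canary plus the parameter name, so a response that echoes
    it identifies exactly which parameter is reflected and worth testing further
    (XSS, SSTI, injection). Sending the probes is left to the caller.
    """
    probes = []
    for path, known in endpoints.items():
        for name in sorted(set(known) | set(wordlist)):
            probes.append(f"{urljoin(base, path)}?{name}={canary}{name}")
    return probes


if __name__ == "__main__":
    found = harvest(SAMPLE_HTML)
    for path, params in found.items():
        print(path, params)
    print(len(build_probes(found)), "probe URLs built")
```

Feed the output of a real crawl (Burp or ZAP site map exports, or downloaded JS bundles) into `harvest` and send the probes through your proxy; the harvester deliberately ignores off-origin hosts so the probe list stays inside the authorized scope.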
@Vistainfosecofficial Thanks for sharing valuable information. Hope to see a detailed POC video on the same topic using real live HackerOne, Bugcrowd, and Intigriti target websites soon on your excellent educational channel.
Thank you for your feedback! We are glad we could clear up your doubt. If you have any more questions or need further clarification, feel free to ask. We're here to help!
Tools like Vanta and Sprinto are useful only if you have a good compliance framework in place. These tools streamline the process and are not a panacea for SOC 2. We have many clients who misunderstood that having such a tool would magically transform them into a SOC 2 compliant organisation, only to realise that you still need external auditors and consultants to provide expert, fine-tuned guidance and to do the final audit. Hope this helps.
If you are just starting your career, then going directly to PCI DSS is not a good way. PCI DSS requires a good understanding of technology, compliance and the audit process. I suggest you get comfortable with technology through the Security+ and Network+ courses, then move on to a basic standard such as ISO 27001, put in a few years of work experience, then get certified in CISA and CISSP, and then hopefully become a PCI QSA. Hope this helps.
As we are going for PCI DSS Level 2 certification for the first time, my question is: can we do ASV scanning and pen testing internally using open source tools, or is it mandatory to have an outside vendor for both of these tests in PCI DSS Level 2?
For PCI DSS Level 2, businesses must:
1. Conduct quarterly network vulnerability scans by a PCI Security Standards Council-recognized Approved Scanning Vendor (ASV).
2. Complete a penetration test.
3. Use an external ASV for these scans, not internal open-source tools.
4. Note that the ASV process involves a rigorous remote test on the PCI Security Standards Council's infrastructure.
5. Consult a PCI DSS Qualified Security Assessor or the PCI Security Standards Council for further guidance.
@Vistainfosecofficial My major concern was that my organisation is small and we are not going to do much in the way of payment processing. I am just asking, from a financial and technical perspective, whether we can do ASV scanning and pen testing internally, and then at the end of the year have it done by an outside vendor from the PCI DSS approved vendors.
@GauravSonkar-i8b Thank you for your follow-up. We understand the concerns of smaller organizations regarding cost and resources. However, PCI DSS Level 2 requirements are mandatory to ensure necessary security for everyone. Internal scans and penetration tests are valuable, but cannot replace the external ones required by PCI DSS. Approved vendors provide an unbiased, expert assessment. Plan for these external costs in your budget to ensure compliance and protect customer data. There may be ways to supplement with internal monitoring alongside the annual requirement. Let's discuss this further - please reach out to our team or a Qualified Security Assessor for tailored guidance.
Unfortunately, the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) guidelines don't specify a minimum work experience requirement for expatriates. It's always a good idea to check the latest guidelines from the NCA or consult with a legal expert for the most accurate information.
While an ISMS isn’t strictly required for PCI DSS compliance, it is highly recommended. The ISMS and the PCI DSS are two separate standards, each with its own set of requirements. PCI DSS provides the ‘what’ (the specific security requirements), while an ISMS, like ISO 27001, offers a structured framework for achieving and maintaining the ‘how’.
What an informative session; I have learnt a great deal from it. I would love it if I could get the link to the transition from PCI DSS 3.2.1 to PCI DSS 4.0 for my interview preparation.
Thanks for these kind words. Here is the link to the PCI DSS Summary of Changes r2. Enjoy reading, and good luck with your interview! (listings.pcisecuritystandards.org/documents/PCI-DSS-v3-2-1-to-v4-0-Summary-of-Changes-r1.pdf)
Yes, sure. Here is the video link for you: SOX Compliance Audit Preparation and Checklist (ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-RGxQK6dfu94.html) SOX vs SOC ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-NmxpeXiyPAg.html
Yes, the Reserve Bank of India (RBI) has indeed issued special guidelines for Urban Co-operative Banks (UCBs). These guidelines were introduced as part of the overall structure for Corporate Governance. The RBI has decided to introduce certain principles, standards, and procedures for the Compliance Function in UCBs, keeping in view the principles of proportionality. This circular applies to all UCBs under Tier 3 and Tier 4 categories.
You're very welcome! We're thrilled to hear that you found the video helpful. If you have any more questions or if there's anything else you'd like to see, feel free to let us know. Thanks for watching!
This video has been really, really insightful. I am a student interested in cybersecurity and I have been browsing papers and webinars to enhance my knowledge. Thankfully I came across this one detailing the distinctions between SOC 2 and SOC for Cybersecurity. Great job, sir. Kudos to the team.
Thank you, Swagitika, for your kind words. We are trying our best to spread awareness in the community, especially for the next generation of CyberSec experts such as yourself. My best wishes to you - Naren
Thanks for your interest in the SOC2 User Guide. It’s released by AICPA and ISACA, but access usually requires a subscription. Visit the AICPA website for more info. Need professional help? Our VISTA InfoSec team is here for you. Any more questions? Feel free to ask.
While we can't recommend specific dual control solutions, I suggest finding one that aligns with PCI DSS principles and fits your organization's needs. Our VISTA InfoSec team can assist in selecting and implementing a dual control solution.
Achieving SOC 2 compliance in AWS Cloud requires a comprehensive approach that encompasses risk assessment, security control implementation, control documentation, and external auditing. VISTA InfoSec's expertise can guide you through this process effectively. Contact us today to discuss your specific requirements and explore our SOC 2 compliance services.
Hi, hope you're doing great. I am currently working as a software engineer and want to change my domain to something related to SOX. Could you please suggest how to start and what knowledge I should have?
Absolutely! If you’re looking to transition into a SOX-related domain, it’s all about building a strong foundation. Start by getting to grips with the basics of SOX, then consider earning certifications like CISA or CRISC. It’s also crucial to understand IT controls and gain some hands-on experience. Don’t forget the power of networking and make sure to keep learning continuously. For more insights, do check out our RU-vid channel. Wishing you all the best on this exciting journey!
Hello! I liked all your videos! Could you please share the complete playlist of PCI DSS version 3.2.1 to 4.0 covering all requirements? I can see only 4 as of now. Thanks! Cheers :)
Hello! We're glad you enjoyed our videos. Other videos are still a work in progress. Subscribe to our channel, and you will be notified when we upload new videos.
Thank you so much! We're glad you found the video informative. Your feedback means a lot to us, and we appreciate your support. If you have any questions or suggestions for future content, feel free to contact us.
Dear Manoj, we appreciate your interest in our content. We’ve already uploaded numerous videos on SOC1 and SOC2. However, we understand your need for a practical video on these topics. Rest assured, we’ll work on creating that for you. In the meantime, please visit our website for more insights. Thank you!
I am new in the IT field and I was asked a question which was "Which audit have you been involved in, and tell me about your experience?" I did not know how to answer it. Most of the time during interviews they want people who have the language, which is hard for someone who does not have experience, unless someone has trained you on how to face such questions. Do you offer such training?
Thank you for your query. We recommend honesty about your experience in interviews, including any involvement in audits and relevant skills. While we provide audit training and consultations to organizations, not individuals, this can enhance your understanding for future interviews. Best of luck!
Hi there! Thank you for your feedback and interest in our content. While we currently don't have videos on COSO and ITGC, we appreciate your suggestion. We'll definitely consider creating content on those topics in the future. In the meantime, if you have any other questions or topics you'd like us to cover, please feel free to let us know. Your input is valuable to us!
Thank you! We're thrilled that you found the video informative. Privacy and protecting patient confidentiality are crucial topics, and we're glad to provide valuable information on them. If you have any more questions or if there's anything specific you'd like to learn more about, please don't hesitate to ask. Your feedback is greatly appreciated!
Thank you so much for your kind words! We're delighted to hear that you found the presentation informative and easy to follow. Your appreciation means a lot to us. If you have any more topics you'd like to see covered or any questions in the future, please feel free to let us know. We're here to help. Thanks again!
It's very relevant and well-organized content related to PCI DSS. Very informative details. Thanks for sharing such a session on a public platform. Thank you so much.
Thank you for your positive feedback! We're thrilled to hear that you found our content on PCI DSS Compliance for Healthcare Organizations relevant and well-organized. Providing informative details is our goal, and we're glad it was helpful to you. Your appreciation means a lot to us, and we're committed to sharing valuable sessions on public platforms like this. If you have any more questions or need further information in the future, please don't hesitate to reach out. Thanks again for your support!
@TUFyash Thank you for your comment. We’re planning to create a new video on the updated ISO 27001:2022 checklist, including the list of evidence for each control. Stay tuned for that! In the meantime, please visit our website for more information. Thanks for watching!
You're welcome! If you have any more questions or if there's anything else you'd like to see in future videos, feel free to let us know. We're here to help!
Your explanations were clear and concise, and the visuals helped me to better understand the concepts being presented. Keep up the great work, and I look forward to watching more of your content in the future! This video was very helpful for me and my organization to understand the requirement of PCI DSS
Thank you so much for your kind words! We're thrilled to hear that you found our explanations clear and the visuals helpful in understanding PCI DSS. We're committed to delivering informative content, and your feedback motivates us to keep up the good work. We're glad to have been of help to you and your organization. If you have any more questions or topics you'd like us to cover in the future, please feel free to let us know. We look forward to sharing more valuable content with you!
Organisations have had to adapt quickly to respond to the COVID-19 pandemic in order to keep their staff and customers safe. As government measures across the UK relax, these emergency practices should be reviewed to help you decide if the information you have been collecting is still necessary. You should ask yourself a few questions: How will still collecting extra personal information help keep your workplace safe? Do you still need the information previously collected? Could you achieve your desired result without collecting personal information? You should review your approach and ensure that it is still reasonable, fair and proportionate to the current circumstances, taking the latest government guidance into account.