Application Security from the Inside Out: Part 1

Application Security from the Inside Out: Part 1

The recent data breach at Equifax is an unfortunate reminder of a long list of hacked sites (Target Stores, OPM, Sony, and others) that were caused by vulnerabilities in the application code. These companies seemed just as surprised as their customers by the attack and had to wonder, “how did this happen?” They did not need to look further than their own unintentional coding policies.…

Read More
Protecting M&A Portfolios from Cyber Threats – It’s Not Just the Obvious Targets

Protecting M&A Portfolios from Cyber Threats – It’s Not Just the Obvious Targets

We spend a lot of time these days talking with private equity investors about the importance of cyber security for their target and portfolio companies. While there is general agreement that it is critical to identify and mitigate potential cyber security risks, those efforts often focus only on the most obvious targets—companies dealing in credit card data, personal financial information, or...

Read More
Despite Heightened Attention To Cybersecurity Risks, Today’s Software Investors Don’t Feel Any Better Prepared

Despite Heightened Attention To Cybersecurity Risks, Today’s Software Investors Don’t Feel Any Better Prepared

During the first half of 2017, West Monroe and Mergermarket surveyed 100 senior private equity and corporate executives, all with organizations that have acquired at least one software firm over the past three years. Respondents cited various challenges to orchestrating a successful acquisition – one of the top among them being cybersecurity.…

Read More
Unpleasant Discoveries: Cybersecurity Vulnerabilities Uncovered

Unpleasant Discoveries: Cybersecurity Vulnerabilities Uncovered

It’s every acquirer’s worst nightmare: you’ve spent countless hours vetting an M&A target, and after the deal goes through, you catch something. West Monroe Partners surveyed top-level corporate executives and private equity partners about their companies’ practices in order to better understand the state of cybersecurity diligence for M&A. The results provide a window into the trends...

Read More
The PCI DSS Cares about Disaster Recovery & Backups

The PCI DSS Cares about Disaster Recovery & Backups

In a separate post, we discussed Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS). Building off those thoughts, this post will discuss an often-overlooked consideration when navigating the PCI DSS – disaster recovery (DR) and backups. West Monroe Partners has extensive experience conducting security due diligences for M&A transactions and helping...

Read More
Backing Up To the Cloud From the Cloud

Backing Up To the Cloud From the Cloud

In our last post, “Managing Administrative Access to an Azure-based Cardholder Data Environment,” we outlined ways to secure administrative workflows by using various Azure technologies. We’ll resume with part eight of the Azure Secure Cloud Migration blog series, covering considerations for backing up VMs in Azure and all the associated restrictions and caveats.…

Read More
Integrating Data Security into Your Transaction Due Diligence Process

Integrating Data Security into Your Transaction Due Diligence Process

It’s hard to read the news these days without seeing another headline about a data breach. As companies rely increasingly on technology, the importance of securing customer information and intellectual property has increased exponentially—as has the cost of failing to keep data secure. Concerns about cybersecurity have become especially acute when it comes to M&A transactions.…

Read More
Reduce PCI DSS Costs by Reducing Scope

Reduce PCI DSS Costs by Reducing Scope

In a recent post, we discussed some scenarios involving Service Providers and their integration into Payment Card Industry Data Security Standard (PCI DSS) compliance. Click here for more of our recent series of blog posts on PCI DSS-related topics for more information. Defining the cardholder data environment (CDE) is a key step toward PCI DSS compliance and has become somewhat of a pain...

Read More
Importance of Cybersecurity: Understanding Preventive “Medicine” to Maintain Cyber Health

Importance of Cybersecurity: Understanding Preventive “Medicine” to Maintain Cyber Health

Believe it or not, information security professionals could learn some lessons from the health and wellness industry. The practice of preventative care can and should be transferred to the information security profession. According to the American College of Preventive Medicine, preventive medicine is defined as “a practice by all physicians to keep their patients healthy“.…

Read More
There’s a Plan for That | Cybersecurity Incident Response & the PCI DSS

There’s a Plan for That | Cybersecurity Incident Response & the PCI DSS

In a recent post, we discussed the challenges associated with attesting to the Payment Card Industry’s Data Security Standard (PCI DSS) compliance, including frequent oversights we encounter while conducting security due diligences and gap analyses for our clients. See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on...

Read More
Isolating the Cardholder Data Environment with Network Segmentation

Isolating the Cardholder Data Environment with Network Segmentation

In a recent post, we discussed many of the challenges with attesting to PCI DSS compliance, including a description of some of the factors that are often overlooked when defining the cardholder data environment (CDE). See “Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS)” from our recent series of blogs on PCI DSS-related topics for more information. …

Read More
Phone: 312-602-4000
Email: marketing@westmonroepartners.com
222 W. Adams
Chicago, IL 60606
Show Buttons
Share On Facebook
Share On Twitter
Share on LinkedIn
Hide Buttons