Darnell Keith

Darnell Keith

Posts by Darnell Keith

Building and Maintaining a Secure Network

PCI-DSS for Small Merchants: Start Here Before Requirement 1

When it comes to PCI-DSS, two things determine whether everything else is manageable or a landslide: network segmentation…

Jul 16, 2026
HIPAA

HIPAA Administrative Safeguards: What They Require and Where Small Practices Fall Short

The HIPAA Security Rule applies to every covered entity and business associate that handles electronic protected health information.…

Jul 15, 2026
5-Leadership

ISO 27001 Clause 5.1 — Leadership and Commitment

Clause 5.1 requires top management to demonstrate leadership and commitment to the ISMS. Not delegate it, not approve…

Jul 14, 2026

SSH Certificate Authority with Vault

Static SSH keys are a recurring audit finding. They live in authorized_keys files scattered across servers, get copied…

Jul 9, 2026
4 - Organizational Context

ISO 27001 Clause 4.4 — The ISMS in Practice

Clause 4.4 is the shortest clause in ISO 27001. It reads: “The organization shall establish, implement, maintain and…

Jul 8, 2026
Building and Maintaining a Secure Network

PCI-DSS for Small Business: Requirements 1 and 2 — Build and Maintain a Secure Network

Accepting credit or debit cards comes with security obligations under the Payment Card Industry Data Security Standard. The…

Jul 8, 2026
4 - Organizational Context

ISO 27001 Clause 4.3 — Determining Scope

Clause 4.3 is where the ISMS gets a boundary. The scope determines what you are accountable for controlling,…

Jul 8, 2026
4 - Organizational Context

ISO 27001 Clause 4.2 — Interested Parties

Clause 4.2 asks two things: who are your interested parties, and what do they specifically require from your…

Jul 7, 2026
4 - Organizational Context

ISO 27001 Clause 4.1 — Understanding Your Organization’s Context

This post covers Clause 4.1 specifically — what the standard requires, what to document, and what an auditor…

Jul 6, 2026
NAXS Labs
Logo