PCI DSS

PCI SSC Updates the ASV Training Program

April 05, 2011 Added by: PCI Guru

The ASV training program has blindsided the ASV community as it was a total surprise. Yes, there has been talk over the years at the Community Meetings and in other venues regarding ASV qualifications and training, but nothing ever seemed to come from those discussions...

PCI Compliance and Virtualization

March 24, 2011 Added by: PCI Guru

It still surprises me the number of IT professionals who seem to think that because they are implementing Windows or Linux as a virtual machine there is something different about security and you can skimp on hardening. Security hardening procedures need to be completely followed regardless...

Complete PCI DSS Log Review Procedures Part 18 FINAL

March 22, 2011 Added by: Anton Chuvakin

For log exceptions copied from the log aggregation tool or from the original log file, make sure that the entire log is copied, especially its time stamp, which is likely to be different from the time of this record, and the system it came from - what/when/where, etc...

Payment Card Industry Data Security Standards Overview

March 17, 2011 Added by: Jon Stout

In a nutshell, the PCI DSS requires companies to build and maintain a secure network. The purpose of the PCI DSS is not only to reduce the amount of payment card fraud and identity theft, but also the costs of mitigating the institutional risks associated with those activities...

Complete PCI DSS Log Review Procedures Part 17

March 11, 2011 Added by: Anton Chuvakin

Periodic Operational Task Summary: The following contains a summary of operational tasks related to logging and log review. Some of the tasks are described in detail in the document above; others are auxiliary tasks needed for successful implementation of a PCI DSS log review program...

RSA 2011 PCI Council Interview with Bob Russo

March 09, 2011 Added by: Anton Chuvakin

Accidental exposure of cardholder data is a known risk. Identifying where the data truly resides first, through a tool or a methodology, should aid organizations in their assessment efforts and ongoing security...

If Not The PCI Standards, Then What?

March 08, 2011 Added by: PCI Guru

As a new technology matures, its security posture matures. With a more mature security posture, the lower the likelihood that a security incident will occur. However, that security maturity can take quite a while to develop, and that is where organizations are at the highest risk...

Five Questions to Ask Your PCI Auditor Before You Hire Them

March 06, 2011 Added by: Aleksandr Yampolskiy

PCI DSS was created to enforce a set of minimum security standards. If your company accepts credit cards as a form of payment, then it must comply with the PCI standard. You want to use PCI compliance to tighten the security in your company. You don’t want a QSA to let you off easy...

Breaches: If They Want You, They Will Get You

March 02, 2011 Added by: PCI Guru

The card brands need to explain to the public the realities of the PCI standards. Particularly the fact that even if the standards are followed, breaches are still going to occur. Those breaches should be smaller and less costly, but they are still going to occur. That is the stark reality...

Visa Introduces TIP for Merchants

March 01, 2011 Added by: Andrew Weidenhamer

For organizations that are using end-to-end encryption technology, do not have access to the encryption key, and are not storing any cardholder information, it would cost less to perform an On-Site Assessment because the PCI-DSS requirements the merchant has to adhere to are significantly reduced...

Complete PCI DSS Log Review Procedures Part 16

February 28, 2011 Added by: Anton Chuvakin

Validation activities can be used to report the success of a log management program, processes and procedures to senior management. The data accumulated is proof of organization-wide PCI DSS compliance and can be used for management reporting. Specifically, the following are useful reports...

Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by: Anton Chuvakin

Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show to the QSA. It will help establish your compliance with three key PCI DSS logging requirements...

Complete PCI DSS Log Review Procedures Part 14

February 18, 2011 Added by: Anton Chuvakin

The logbook establishes the follow-up required in item 10.6.a of PCI DSS validation procedures, which states “Obtain and examine security policies and procedures to verify that they include procedures to review security logs at least daily and that follow-up to exceptions is required"...

Understanding the Intent of PCI Requirement 11.2

February 09, 2011 Added by: PCI Guru

Requirement 11.2 requires that vulnerability scanning is performed at least quarterly. Given the 30 day patching rule and the fact that scanning must be performed after all “significant” changes, an organization really needs to conduct monthly scanning at a minimum to stay compliant...

Complete PCI DSS Log Review Procedures Part 13

February 04, 2011 Added by: Anton Chuvakin

How do you create a logbook that proves that you are reviewing logs and following up with exception analysis, as prescribed by PCI DSS Requirement 10? The logbook is used to document everything related to analyzing and investigating the exceptions flagged during daily review...

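One way to build the logbook entry that the Part 13 and Part 18 excerpts describe: the flagged line is copied whole, its own timestamp and originating system are pulled out as separate fields, and the time the reviewer wrote the entry is kept apart from the time of the event. This is an added example, not code from either post; it assumes RFC 3164-style syslog lines with UTC timestamps, the hypothetical field names and helper functions shown, and constructed sample lines.

```python
"""Logbook entries for PCI DSS daily log review exceptions (added example).

Assumptions, not taken from the original posts: RFC 3164-style syslog
lines, UTC timestamps, and the hypothetical field names used below.
"""
import json
import re
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Optional

# "Mar 21 03:14:07 host prog[pid]: message"  (RFC 3164 layout: no year, no zone)
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Constructed sample lines, not real logs.
SAMPLE_LINES = [
    "Mar 21 03:14:07 pos-srv-01 sshd[2211]: Failed password for root from 10.0.0.5 port 4422 ssh2",
    "Mar  2 23:59:58 db-cde-02 sudo: oper : TTY=pts/1 ; USER=root ; COMMAND=/bin/bash",
]
# Constructed time at which the reviewer writes the entries (the "time of this record").
REVIEW_TIME = datetime(2011, 3, 22, 9, 5, 0, tzinfo=timezone.utc)


@dataclass
class LogbookEntry:
    recorded_at: str        # when the reviewer wrote this entry
    event_time: str         # the timestamp carried inside the log line itself
    source_host: str        # the system the line came from
    program: str
    pid: Optional[str]
    message: str
    raw_line: str           # the whole line, copied verbatim
    reviewer: str
    disposition: str        # e.g. "open", "benign", "escalated"


def parse_syslog(raw_line: str, year: int) -> dict:
    """Split an RFC 3164-style line into its what/when/where fields."""
    m = SYSLOG_RE.match(raw_line)
    if not m:
        raise ValueError(f"not an RFC 3164-style line: {raw_line!r}")
    # The line carries no year or zone, so the caller supplies the year; UTC is assumed.
    event = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"event_time": event, "source_host": m["host"], "program": m["prog"],
            "pid": m["pid"], "message": m["msg"]}


def record_exception(raw_line: str, year: int, recorded_at: datetime,
                     reviewer: str, disposition: str = "open") -> LogbookEntry:
    """Build an entry that keeps the original line, its own timestamp and its origin."""
    f = parse_syslog(raw_line, year)
    return LogbookEntry(
        recorded_at=recorded_at.astimezone(timezone.utc).isoformat(),
        event_time=f["event_time"].isoformat(),
        source_host=f["source_host"], program=f["program"], pid=f["pid"],
        message=f["message"], raw_line=raw_line, reviewer=reviewer, disposition=disposition,
    )


def review_lag_seconds(entry: LogbookEntry) -> int:
    """Seconds between the event's own timestamp and the time the entry was recorded."""
    recorded = datetime.fromisoformat(entry.recorded_at)
    event = datetime.fromisoformat(entry.event_time)
    return int((recorded - event).total_seconds())


def entry_is_complete(entry: LogbookEntry) -> bool:
    """Check the evidence was copied whole: the raw line still carries its own timestamp
    and source host, and they agree with the extracted fields; review fields are filled."""
    try:
        f = parse_syslog(entry.raw_line, datetime.fromisoformat(entry.event_time).year)
    except ValueError:
        return False
    return (f["event_time"].isoformat() == entry.event_time
            and f["source_host"] == entry.source_host
            and bool(entry.recorded_at and entry.reviewer and entry.disposition))


def to_logbook_line(entry: LogbookEntry) -> str:
    """One JSON line per exception, suitable for an append-only logbook file."""
    return json.dumps(asdict(entry), sort_keys=True)


def build_sample_entries() -> list:
    """Record every constructed sample line at REVIEW_TIME."""
    return [record_exception(line, 2011, REVIEW_TIME, reviewer="analyst1") for line in SAMPLE_LINES]


if __name__ == "__main__":
    for entry in build_sample_entries():
        print(to_logbook_line(entry))
        print("  lag (s):", review_lag_seconds(entry), " complete:", entry_is_complete(entry))
```

The completeness check re-parses the stored raw line and compares it with the extracted fields, so an entry whose raw line was trimmed to just the message text (losing its timestamp and host) fails the check rather than silently becoming evidence the QSA cannot trace back to a system and a time.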
Understanding the Intent of PCI Requirement 6.1

February 02, 2011 Added by: PCI Guru

Unlike the insurance industry, which has done a very good job of educating management on its value, the security industry has done a very poor job of educating management on the value of security and what really needs to be done to secure the organization...
