PCI DSS

Payment Card Industry Data Security Standards Overview

March 17, 2011 Added by: Jon Stout

In a nutshell, the PCI DSS requires companies to build and maintain a secure network. The purpose of the PCI DSS is not only to reduce the amount of payment card fraud and identity theft, but also the costs of mitigating the institutional risks associated with those activities...

Complete PCI DSS Log Review Procedures Part 17

March 11, 2011 Added by: Anton Chuvakin

Periodic Operational Task Summary: The following contains a summary of operational tasks related to logging and log review. Some of the tasks are described in detail in the document above; others are auxiliary tasks needed for successful implementation of PCI DSS log review program...

RSA 2011 PCI Council Interview with Bob Russo

March 09, 2011 Added by: Anton Chuvakin

Accidental exposure of cardholder data is a known risk. Identifying where the data truly resides first, through a tool or a methodology, should aid organizations in their assessment efforts and ongoing security...

If Not The PCI Standards, Then What?

March 08, 2011 Added by: PCI Guru

As a new technology matures, its security posture matures. With a more mature security posture, the lower the likelihood that a security incident will occur. However, the time it takes for that security maturity to occur can be quite a while, and that is where organizations are at the highest risk...

Five Questions to Ask Your PCI Auditor Before You Hire Them

March 06, 2011 Added by: Aleksandr Yampolskiy

PCI DSS was created to enforce a set of minimum security standards. If your company accepts credit cards as a form of payment, then it must comply with the PCI standard. You want to use PCI compliance to tighten the security in your company; you don’t want a QSA to let you off easy...

Breaches: If They Want You, They Will Get You

March 02, 2011 Added by: PCI Guru

The card brands need to explain to the public the realities of the PCI standards. Particularly the fact that even if the standards are followed, breaches are still going to occur. Those breaches should be smaller and less costly, but they are still going to occur. That is the stark reality...

Visa Introduces TIP for Merchants

March 01, 2011 Added by: Andrew Weidenhamer

For organizations that are using end-to-end encryption technology, do not have access to the encryption key, and are not storing any cardholder information, it would cost less to perform an On-Site Assessment because the PCI-DSS requirements the merchant has to adhere to are significantly reduced...

Complete PCI DSS Log Review Procedures Part 16

February 28, 2011 Added by: Anton Chuvakin

Validation activities can be used to report the success of a log management program, processes and procedures to senior management. The data accumulated is proof of organization-wide PCI DSS compliance and can be used for management reporting. Specifically, the following are useful reports...

Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by: Anton Chuvakin

Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show it to the QSA. It will help establish your compliance with three key PCI DSS logging requirements...

Complete PCI DSS Log Review Procedures Part 14

February 18, 2011 Added by: Anton Chuvakin

The logbook establishes the follow-up required in item 10.6.a of PCI DSS validation procedures, which states “Obtain and examine security policies and procedures to verify that they include procedures to review security logs at least daily and that follow-up to exceptions is required”...

Understanding the Intent of PCI Requirement 11.2

February 09, 2011 Added by: PCI Guru

Requirement 11.2 requires that vulnerability scanning is performed at least quarterly. Given the 30-day patching rule and the fact that scanning must be performed after all “significant” changes, an organization really needs to conduct monthly scanning at a minimum to stay compliant...

Complete PCI DSS Log Review Procedures Part 13

February 04, 2011 Added by: Anton Chuvakin

How do you create a logbook that proves that you are reviewing logs and following up with exception analysis, as prescribed by PCI DSS Requirement 10? The logbook is used to document everything related to analyzing and investigating the exceptions flagged during daily review...

Understanding the Intent of PCI Requirement 6.1

February 02, 2011 Added by: PCI Guru

Unlike the insurance industry, which has done a very good job of educating management on its value, the security industry has done a very poor job of educating management on the value of security and what really needs to be done to secure the organization...

How Much Longer Does the Magstripe Have?

January 29, 2011 Added by: Robert Siciliano

Every U.S.-based credit card has a magnetic stripe on the back. This stripe can be read and rewritten like a burnable CD. The simplicity of the magstripe’s design, coupled with the availability of card reading and writing technology, results in billions of dollars in theft and fraud...

Complete PCI DSS Log Review Procedures Part 12

January 28, 2011 Added by: Anton Chuvakin

We have several major pieces that we need to prove for PCI DSS compliance validation. Here is the master-list of all compliance proof we will assemble. Unlike other sections, here we will cover proof of logging and not just proof of log review since the latter is so dependent on the former...

More On The Cloud And PCI Compliance

January 28, 2011 Added by: PCI Guru

PCI DSS can be applied to “the cloud” in its existing form. Then where is the problem? The first problem with “the cloud” is in defining “the cloud.” If you were to ask every vendor of cloud computing to define “the cloud,” I will guarantee you will get a unique answer from each vendor asked...
