Blog Posts Tagged with "QSA"

RSA 2011 PCI Council Interview with Bob Russo

March 09, 2011 Added by: Anton Chuvakin

Accidental exposure of cardholder data is a known risk. Identifying where the data truly resides first, through a tool or a methodology, should aid organizations in their assessment efforts and ongoing security...

Five Questions to Ask Your PCI Auditor Before You Hire Them

March 06, 2011 Added by: Aleksandr Yampolskiy

PCI DSS was created to enforce a set of minimum security standards. If your company accepts credit cards as a form of payment, then it must comply with the PCI standard. You want to use PCI compliance to tighten the security in your company. You don’t want a QSA to let you off easy...

Proactive and Continuous Compliance? For Real?

February 24, 2011 Added by: Anton Chuvakin

Is continuous compliance a reality at your organization? Are you doing something 9, 6, 3 months before the annual PCI DSS assessment? Do you meet the auditor once a year? Or do you make an effort to stay compliant?

Complete PCI DSS Log Review Procedures Part 14

February 18, 2011 Added by: Anton Chuvakin

The logbook establishes the follow-up required in item 10.6.a of PCI DSS validation procedures, which states “Obtain and examine security policies and procedures to verify that they include procedures to review security logs at least daily and that follow-up to exceptions is required"...

Understanding the Intent of PCI Requirement 6.1

February 02, 2011 Added by: PCI Guru

Unlike the insurance industry which has done a very good job of educating management on its value, the security industry has done a very poor job educating management on the value of security and what really needs to be done to secure the organization...

Complete PCI DSS Log Review Procedures Part 12

January 28, 2011 Added by: Anton Chuvakin

We have several major pieces that we need to prove for PCI DSS compliance validation. Here is the master-list of all compliance proof we will assemble. Unlike other sections, here we will cover proof of logging and not just proof of log review since the latter is so dependent on the former...

More On The Cloud And PCI Compliance

January 28, 2011 Added by: PCI Guru

PCI DSS can be applied to “the cloud” in its existing form. Then where is the problem? The first problem with “the cloud” is in defining “the cloud.” If you were to ask every vendor of cloud computing to define “the cloud,” I will guarantee you will get a unique answer from each vendor asked...

Network Segmentation – One Last Discussion

January 21, 2011 Added by: PCI Guru

Just because you implement all of these recommendations does not make you invincible. All these recommendations do is just make the likelihood of an incident and the potential damage resulting from an incident lower than if you had little or no controls in place...

MasterCard SDP Revisited For Level 2 Merchants

December 28, 2010 Added by: PCI Guru

All of these merchants intend to conduct their own SAQ but wanted to make sure that was still acceptable under the MasterCard SDP rules. Last year there was a lot of confusion since MasterCard pulled back on their decision to require Level 2 merchants to have a QSA conduct an on-site PCI assessment...

The PA-DSS Certification Clarification

December 16, 2010 Added by: PCI Guru

Changes that fall into these two categories do not require that the PA-QSA conduct a re-assessment of the application and file a new Report On Validation. The application continues to hold its existing PA-DSS certification. However, the PA-QSA is required to prepare and file a Minor Update...

Complete PCI DSS Log Review Procedures Part 2

December 09, 2010 Added by: Anton Chuvakin

It is important to note that such a list has its roots in IT governance “best practices,” which prescribe monitoring access, authentication, authorization, change management, system availability, and suspicious activity...

Interesting Announcements From The PCI SSC

December 08, 2010 Added by: PCI Guru

The last year has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These usually are not noteworthy, but the November 2010 issue contains a number of items that need to be shared just in case you miss your edition or you are not a QSA...

Complete PCI DSS Log Review Procedures Part 1

December 06, 2010 Added by: Anton Chuvakin

This is a complete and self-contained guidance document that can be provided to people NOT yet skilled in the sublime art of logging and log analysis, in order to enable them to do the job and then grow their skills. This is the first post in the long, long series...

Requirements That Are Never Not Applicable

November 24, 2010 Added by: PCI Guru

At the end of the day, the bottom line here is that all organizations are required to ensure that wireless networking is either not present on their network or, if present, it is only their wireless devices and that those wireless devices are appropriately implemented and secured...

Who Is Responsible In A Breach?

November 19, 2010 Added by: PCI Guru

Unfortunately, the card brands have not helped the situation. The card brands’ approach to breaches borders on childlike. In their view, it is everyone’s fault – the organization that was breached, the QSA, anyone except, of course, the card brands...
