If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, Home Depot, JP Morgan Chase and countless […]
Author: Viviana Wesley, PCI QSA The Payment Card Industry Data Security Standard (PCI DSS) version 3.1 was released today outlining a number of important changes.
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA As we rang in the New Year, the transition year for PCI v3.0 compliance came to a close. All businesses are now required to be compliant with version three of the PCI Data Security Standard (DSS). But did you know that a handful of the requirements […]
Author: Viviana Wesley, PCI QSA Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal […]
Author: Viviana Wesley, PCI QSA The PCI Security Standards Council has published a change highlights document for v3.0 expected in November 7th 2013.
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
I’m going to refer to another something in a previous blog, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance.
We all know Windows Active Directory is a great solution to centrally manage users and computers.
A Guide to System Hardening:
Latest press release from the PCI Security Standards Council – June 28, 2012: