I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT or […]
A number of clients have asked me about what sort of non-compliance fines or penalties they could potentially face as a PCI Service Provider, assuming there has been no security breach, but PCI DSS compliance has not been achieved.
PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed fee services to assist Level 2 Merchants in getting validated.
While I have typically seen merchants and service providers opt to segment their wireless network from the cardholder data environment to keep it out of PCI compliance scope entirely, sometimes, this is not feasible. Here is a quick checklist of what is needed when implementing a wireless network as part of your cardholder data environment […]
The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regards to the definition of a “minor change” and what it means to Payment Application Vendors. Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed […]
Pretty much everyone is aware of PCI these days. The Payment Card Industry Data Security Standard (PCI DSS) is one of the most detailed information security standards out there and in most cases has elevated the level of security within organizations.
Read an article recently on study that was comparing organizations that had achieved PCI Compliance, but that when re-visited a year later, had fallen out of compliance.
And a follow-up…(Servers in a PCI Compliant Environment) Hello-So I was the individual who wrote up this question initially and I do have some followup questions. I read about the MS recommendation of deploying in ISA server along with the CAS server to provide the necessary security – but I guess I was looking for […]
The PCI DSS is comprised of over 200 specific requirements, including technical, administrative and policy controls; for this reason, the first consideration when approaching PCI compliance is determining exactly which parts of the environment have to be included within the PCI compliance scope and which do not, based upon the scoping rules provided by the […]
On June 29, 2011 the PCI Security Council released a checklist outlining the types of payment applications that are eligible for PA-DSS validation: