Author: Viviana Wesley, PCI QSA Do you accept credit cards as a form of payment? If so, take notice of the guidelines outlined by Visa in response to a recent breach at a grocery store chain: http://usa.visa.com/download/merchants/alert-prevent-grocer-malware-attacks-04112013.pdf
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
I’m going to refer to another something in a previous blog, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance.
A Guide to System Hardening:
I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT or […]
A number of clients have asked me about what sort of non-compliance fines or penalties they could potentially face as a PCI Service Provider, assuming there has been no security breach, but PCI DSS compliance has not been achieved.
PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed fee services to assist Level 2 Merchants in getting validated.
Pretty much everyone is aware of PCI these days. The Payment Card Industry Data Security Standard (PCI DSS) is one of the most detailed information security standards out there and in most cases has elevated the level of security within organizations.
Read an article recently on study that was comparing organizations that had achieved PCI Compliance, but that when re-visited a year later, had fallen out of compliance.
And a follow-up…(Servers in a PCI Compliant Environment) Hello-So I was the individual who wrote up this question initially and I do have some followup questions. I read about the MS recommendation of deploying in ISA server along with the CAS server to provide the necessary security – but I guess I was looking for […]