PCI DSS AND PA-DSS V3.0 CHANGE HIGHLIGHTS
Author: Viviana Wesley, PCI QSA The PCI Security Standards Council has published a change highlights document for v3.0 expected in November 7th 2013.
Tag Archives: PCI
SEIM Many Logging Options – What to Do?
Log and Security Event Information Management (SEIM) are two of the 20 Controls that SANS lists for network security. They are also some of the more controversial ones. Logs are very much like digital fingerprints for one’s network and applications. It has great value for both noticing exploits (visibility) and forensically investigating those which have already […]
Security Alert: Recent Breach at Grocery Chain
Author: Viviana Wesley, PCI QSA Do you accept credit cards as a form of payment? If so, take notice of the guidelines outlined by Visa in response to a recent breach at a grocery store chain: http://usa.visa.com/download/merchants/alert-prevent-grocer-malware-attacks-04112013.pdf
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines.
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
PCI Compliance – 96% of victims subject to PCI DSS had not achieved compliance
I’m going to refer to another something in a previous blog, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance.
PCI Compliance Guidelines: Locking Down Firewall Rules for Active Directory Replication
We all know Windows Active Directory is a great solution to centrally manage users and computers.
Guide to System Hardening | PCI DSS Compliance
A Guide to System Hardening:
PCI Security Standards Council Releases Point-To-Point Encryption (P2PE) Resources
Latest press release from the PCI Security Standards Council – June 28, 2012:
PCI Council Changes the Rules for PA-DSS Minor Changes
The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regards to the definition of a “minor change” and what it means to Payment Application Vendors. Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed […]
Allowing updates through WatchGuard firewalls
Allowing updates through WatchGuard firewalls. As you are probably aware of by now, the PCI DSS requires that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment, and that the restrictions are documented.