Early July sees the latest fines imposed by the Health & Human Services Office for Civil Rights for HIPAA violations.
Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI […]
QSA stands for Qualified Security Assessor; QSAs are certified by the PCI Security Standards Council. QSAs are tasked with providing guidance on the PCI DSS and validating compliance against it. QSAs are special in that they have been certified for their knowledge and ability to advise on the PCI DSS specifically. There are roughly 800 QSA individuals in North America […]
I’ve spoken with several people in the past few months who have come right out and said that they believed they were not compliant with the PCI DSS and were simply unsure what to do. Their questions were basically the same: what should we do first, who should we tell, how long will this take, and the […]
Exactly which settings need to be enabled for the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS requirements 10.2.x? Understanding the individual event IDs associated with each Windows audit policy subcategory is the first step toward answering this question! But after a […]
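As an added illustration of that question (this is example code written for this page, not the original post’s answer), the script below compares a Windows advanced audit policy against a set of subcategories mapped to PCI DSS 10.2.x. The mapping of subcategories to requirement numbers is an assumption made for the example, not PCI SSC guidance, and should be confirmed with your QSA. The script reads the real CSV format produced by `auditpol /get /category:* /r`; by default it runs against a constructed sample embedded in the script so it can be dry-run offline, and `-Live` switches it to the real command. The script name `Test-PciAuditPolicy.ps1` is hypothetical.

```powershell
# Test-PciAuditPolicy.ps1 (example, not from the original post)
# Dry-run by default against a constructed sample; -Live queries auditpol for real.
param([switch]$Live)

# ASSUMED mapping of auditpol subcategories to PCI DSS 10.2.x. This is the example
# author's reading of the requirements, not official guidance; verify with your QSA.
$Required = [ordered]@{
    'Credential Validation'   = @{ Setting = 'Success and Failure'; Req = '10.2.4/10.2.5' }
    'Logon'                   = @{ Setting = 'Success and Failure'; Req = '10.2.4/10.2.5' }
    'Logoff'                  = @{ Setting = 'Success';             Req = '10.2.5' }
    'Special Logon'           = @{ Setting = 'Success';             Req = '10.2.2' }
    'Sensitive Privilege Use' = @{ Setting = 'Success and Failure'; Req = '10.2.2' }
    'User Account Management' = @{ Setting = 'Success and Failure'; Req = '10.2.7' }
    'Audit Policy Change'     = @{ Setting = 'Success and Failure'; Req = '10.2.3/10.2.6' }
    'Security State Change'   = @{ Setting = 'Success';             Req = '10.2.6' }
}

# Does the configured inclusion setting cover what we want?
# 'Success and Failure' satisfies a 'Success' or 'Failure' requirement, not the reverse.
function Test-Inclusion {
    param([string]$Actual, [string]$Wanted)
    if ($Wanted -eq 'Success and Failure') { return $Actual -eq 'Success and Failure' }
    return ($Actual -eq $Wanted) -or ($Actual -eq 'Success and Failure')
}

# Translate a required setting into the flags auditpol /set expects.
function ConvertTo-AuditpolFlags {
    param([string]$Setting)
    switch ($Setting) {
        'Success and Failure' { '/success:enable /failure:enable' }
        'Success'             { '/success:enable' }
        'Failure'             { '/failure:enable' }
    }
}

function Get-AuditPolicyRows {
    param([switch]$Live)
    if ($Live) {
        # Real command; run from an elevated prompt. /r emits CSV with a
        # header row of Machine Name,Policy Target,Subcategory,Subcategory GUID,...
        return (auditpol /get /category:* /r | ConvertFrom-Csv)
    }
    # CONSTRUCTED sample in the same CSV shape, with two deliberate gaps
    # (Sensitive Privilege Use lacks Failure, Audit Policy Change is off).
    $sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
CDE-WEB01,System,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030},Success and Failure,
CDE-WEB01,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,
CDE-WEB01,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,
CDE-WEB01,System,Special Logon,{0CCE921B-69AE-11D9-BED3-505054503030},Success,
CDE-WEB01,System,Sensitive Privilege Use,{0CCE9228-69AE-11D9-BED3-505054503030},Success,
CDE-WEB01,System,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030},Success and Failure,
CDE-WEB01,System,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030},No Auditing,
CDE-WEB01,System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030},Success,
'@
    return ($sample | ConvertFrom-Csv)
}

# Report every required subcategory that is missing or under-configured,
# with the auditpol command that would close the gap.
function Get-PciAuditGaps {
    param([switch]$Live)
    $rows   = Get-AuditPolicyRows -Live:$Live
    $actual = @{}
    foreach ($r in $rows) { $actual[$r.Subcategory] = $r.'Inclusion Setting' }

    $gaps = foreach ($sub in $Required.Keys) {
        $have = if ($actual.ContainsKey($sub)) { $actual[$sub] } else { 'No Auditing' }
        if (-not (Test-Inclusion -Actual $have -Wanted ($Required[$sub].Setting))) {
            [pscustomobject]@{
                Subcategory = $sub
                PciDss      = $Required[$sub].Req
                Required    = $Required[$sub].Setting
                Current     = $have
                Fix         = "auditpol /set /subcategory:`"$sub`" " +
                              (ConvertTo-AuditpolFlags ($Required[$sub].Setting))
            }
        }
    }
    return $gaps
}

Get-PciAuditGaps -Live:$Live | Format-Table -AutoSize
```

Run it without arguments to see the two gaps in the constructed sample; run `.\Test-PciAuditPolicy.ps1 -Live` from an elevated prompt to check a real host. Two caveats a practitioner will want: per-subcategory settings only take effect when the security option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" is enabled, and turning a subcategory on is only half of 10.2.x; the resulting events still have to be collected and retained, which this script does not check.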
Since the PCI SSC Virtualization Special Interest Group (SIG) has yet to publish its guidance on the impact of virtualization on PCI compliance, opinion remains mixed on whether or not virtualization SHOULD be used in the cardholder data environment at all.
So I’ll admit I’m relatively new to the PCI Compliance arena. That said, I’ve been working with technology and financial companies for the last 15 years, and while I’ve seen topics come and go, PCI Compliance is here to stay. I’ve noticed some commonalities from the folks I’ve spoken with recently and I wanted to share some […]