Hello PCI SSC… Can we rethink?
This is a detailed follow-up to the quick post I wrote the Friday before the Labor Day weekend, based on my read at the time of the PCI SSC’s Special Interest Group …
Hello PCI SSC…
Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using risk as the basis for an organization’s information security program …
PCI Breaches – Can we at least detect them?
Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu appear to have the following aspects in common: 1. They involved some compromise …
Compliance obligations need not stand in the way of better information security and risk management
I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full …
May we suggest some priority adjustments to your PCI DSS Compliance program?
It isn’t any news that achieving PCI DSS Compliance continues to be onerous for many merchants out there. PCI DSS is after all an all-or-nothing regulation meaning that not …
Verizon 2010 Data Breach Investigations Report – Key takeaways for Security Assessors and Auditors
The Verizon 2010 Data Breach Investigations Report (DBIR) released last week has some interesting findings, just as it did last year. What makes it special this year is that Verizon …
Logging for Effective SIEM and PCI DSS Compliance …. UNIX, Network Devices and Databases
In one of my previous blogs, I covered the importance of logging the “right” events for an effective Log Management or Security Information and Event Management (SIEM) deployment … see …
PCI DSS – Quick and Dirty?
I recently received a tweet titled “PCI DSS Compliance – Quick and Dirty”. I think it is safe to say that such a title is bound to grab immediate attention …
New details released regarding Internal Security Assessor (ISA) program for PCI DSS
PCI SSC has just released new details regarding the training schedule for the ISA program. The program is obviously PCI SSC’s response to the often heard complaints from merchants and …
Logging for PCI DSS Compliance
PCI DSS has had specific requirements for logging and review of those logs for sometime now. The logging requirements (under Requirement 10 ) have a primary objective of supporting forensics …
