Regulatory Compliance, Governance and Security:

January, 2009


January 30, 2009  9:33 PM

PCI DSS Compliance | What is the “Cardholder Environment”?

Charles Denyer

Regarding PCI DSS compliance, I'm often asked as a PCI QSA what is the cardholder environment? In essence, people are wanting to know what is in scope and how do you determine scope. To be honest, it is not at all a clear black and white answer; so many variables come into play, the biggest being...

January 30, 2009  12:15 AM

SAS 70 Type II Audits | A Discussion on Pricing | Auditor’s Expert Opinion

Charles Denyer

SAS 70 pricing is much like that of a roller coaster ride. I've personally seen the wild swings in the market within the last 3 to 5 years. How volatile has pricing been? Quite a bit and it's based on a number of...


January 29, 2009  1:09 PM

California Security Breach Information Act (SB-1386) | What You Need to Know.

Charles Denyer

In short, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those...


January 28, 2009  1:03 PM

SAS 70 Audits and PCI DSS Compliance | A Two for One Audit? Not Quite

Charles Denyer

As an accountant and a PCI Qualified Security Assessor (QSA), I'm seeing more and more auditors essentially provide audit and fieldwork services for both a SAS 70 and a PCI DSS assessment at the same time, then issue a PCI DSS Report on Compliance (ROC)...


January 28, 2009  12:47 PM

PCI DSS Requirement 1.1.2 | Network Diagrams | Easier Said Than Done

Charles Denyer

PCI DSS Requirement 1.1.2 is an often overlooked area within the PCI framework for assessment. That's also a shame because it's such a critical component for helping lay the groundwork for true clarity and transparency for the assessment...


January 20, 2009  3:30 AM

PCI DSS Compliance | Understanding Cardholder Data and What Information to Store

Charles Denyer

Payment Card Industry Data Security Standards (PCI DSS) compliance is everywhere these days, or so it seems. As a result, there seems to be some confusing information on what CAN and CANNOT be stored regarding cardholder data. Folks, there really should not be any gray area on this, as the rules...


January 17, 2009  8:00 PM

Payment Card Compliance | PCI DSS | Tips on Passing your PCI DSS Assessment

Charles Denyer

Regarding PCI DSS, as a PCI QSA I'm often asked what's the most difficult hurdle that organizations need to overcome for ensuring PCI DSS compliance. Well, we could talk at length about some of the technical, I.T. challenges, such as two-factor authentication, encryption (though not...


January 17, 2009  3:26 AM

PCI DSS Compliance for Merchants and Service Providers | Compliance is MANDATORY

Charles Denyer

That's right. Compliance for the Payment Card Industry Data Security Standards, simply known as PCI DSS, is mandatory for all merchants and many service providers. How mandatory? Enough for MN Governor Tim Pawlenty



January 17, 2009  12:21 AM

Payment Card Industry Data Security Standards | PCI DSS | It’s the LAW in Minnesota

Charles Denyer

The Minnesota Plastic Card Security Act, signed by MN Governor Tim Pawlenty, essentially has codified various parts of the Payment Card Industry Data Security Standards (PCI DSS) into law....


January 16, 2009  3:46 PM

SAS 70 Audits & Data Centers | Tips on Preparing for the Audit

Charles Denyer

Today's data centers and managed services providers are complex businesses, providing customers with a wide array of services. As such, SAS 70 audits have become the standard compliance audit for assessing internal controls for data centers and managed...

