Regulatory Compliance, Governance and Security:

January, 2009


January 30, 2009  9:33 PM

PCI DSS Compliance | What is the “Cardholder Environment”?

Posted by: Charles Denyer
cardholder environment pci dss, payment card industry data security standards (PCI DSS), PCI DSS, qsa pci dss, qualified security assessor (QSA), system components pci dss compliance

Regarding PCI DSS compliance, I'm often asked as a PCI QSA what is the cardholder environment? In essence, people are wanting to know what is in scope and how do you determine scope. To be honest, it is not at all a clear black and white answer; so many variables come into play, the biggest being...

January 30, 2009  12:15 AM

SAS 70 Type II Audits | A Discussion on Pricing | Auditor’s Expert Opinion

Posted by: Charles Denyer
sas 70 and cpa firms, sas 70 pricing, sas 70 type i type ii

SAS 70 pricing is much like that of a roller coaster ride. I've personally seen the wild swings in the market within the last 3 to 5 years. How volatile has pricing been? Quite a bit and it's based on a number of...


January 29, 2009  1:09 PM

California Security Breach Information Act (SB-1386) | What You Need to Know.

Posted by: Charles Denyer
California SB-1386, California Security Breach Information Act (SB-1386), GLBA, Gramm Leach Bliley, HIPAA, MN PCI DSS, MN plastic card security act, SAS 70

In short, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those...


January 28, 2009  1:03 PM

SAS 70 Audits and PCI DSS Compliance | A Two for One Audit? Not Quite

Posted by: Charles Denyer
cpa, payment card industry data security standards (PCI DSS), PCI DSS, pci dss report on compliance (ROC), pciassessment.org, qsa, sas70.us.com

As an accountant and a PCI Qualified Security Assessor (QSA), I'm seeing more and more auditors essentially provide audit and fieldwork services for both a SAS 70 and a PCI DSS assessment at the same time, then issue a PCI DSS Report on Compliance (ROC)...


January 28, 2009  12:47 PM

PCI DSS Requirement 1.1.2 | Network Diagrams | Easier Said Than Done

Posted by: Charles Denyer
1.1.2 network diagram, cardholder data pci dss, firewalls, firewalls pci dss, payment card industry data security standards (PCI DSS), PCI DSS, pci dss requirement 1.1.2, qualified security assessor (QSA), remote access pci dss, routers and switches, system components, wireless networking pci dss

PCI DSS Requirement 1.1.2 is an often overlooked area within the PCI framework for assessment. That's also a shame because it's such a critical component for helping lay the groundwork for true clarity and transparency for the assessment...


January 20, 2009  3:30 AM

PCI DSS Compliance | Understanding Cardholder Data and What Information to Store

Posted by: Charles Denyer
cardholder name pci dss, service code pci dss, expiration date pci dss, magnetic stripe pci dss, payment card industry data security standards, pci dss compliance auditors, pin pin block pci dss, primary account number PAN pci dss, track data pci dss

Payment Card Industry Data Security Standards (PCI DSS) compliance is everywhere these days, or so it seems. As a result, there seems to be some confusing information on what CAN and CANNOT be stored regarding cardholder data. Folks, there really should not be any gray area on this, as the rules...


January 17, 2009  8:00 PM

Payment Card Compliance | PCI DSS | Tips on Passing your PCI DSS Assessment

Posted by: Charles Denyer
change management for pci dss, payment card industry data security standards, pci compliance, PCI DSS, sas 70 audits, sas70, two-factor authentication for pci dss

Regarding PCI DSS, as a PCI QSA I'm often asked what's the most difficult hurdle that organizations need to overcome for ensuring PCI DSS compliance. Well, we could talk at length about some of the technical, I.T. challenges, such as two-factor authentication, encryption (though not...


January 17, 2009  3:26 AM

PCI DSS Compliance for Merchants and Service Providers | Compliance is MANDATORY

Posted by: Charles Denyer
governor tim pawlenty pci dss, merchants, MN plastic card security act, PCI DSS, service providers

That's right. Compliance for the Payment Card Industry Data Security Standards, simply known as PCI DSS, is mandatory for all merchants and many service providers. How mandatory? Enough for MN Governor Tim Pawlenty


January 17, 2009  12:21 AM

Payment Card Industry Data Security Standards | PCI DSS | It’s the LAW in Minnesota

Posted by: Charles Denyer
Gov. Tim Pawlenty and PCI DSS, merchants, MN PCI DSS, Payment Card Industry Data Security Standards MN, PCI DSS, service providers, The Minnesota Plastic Card Security Act

The Minnesota Plastic Card Security Act, signed by MN Governor Tim Pawlenty, essentially has codified various parts of the Payment Card Industry Data Security Standards (PCI DSS) into law....


January 16, 2009  3:46 PM

SAS 70 Audits & Data Centers | Tips on Preparing for the Audit

Posted by: Charles Denyer
change management sas 70, co-locations, environmental security, incident management, incident management sas 70, managed services sas 70, payment card industry, PCI, PCI DSS, physical security, SAS 70, sas 70 data centers, sas70

Today's data centers and managed services providers are complex businesses, providing customers with a wide array of services. As such, SAS 70 audits have become the standard compliance audit for assessing internal controls for data centers and managed...


