Regulatory Compliance, Governance and Security » intrusion detection system http://itknowledgeexchange.techtarget.com/compliance-governance Thu, 10 Mar 2011 15:04:50 +0000 en-US hourly 1 PCI DSS Compliance | Watch out for the “Road Blocks” http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-compliance-watch-out-for-the-road-blocks/ http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-compliance-watch-out-for-the-road-blocks/#comments Sat, 29 Aug 2009 13:31:41 +0000 Charles Denyer http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-compliance-watch-out-for-the-road-blocks/ PCI DSS Compliance, especially on-site reviews conducted by a Qualified Security Assessor (QSA), can take an immense amount of time in completing and receiving one’s Report on Compliance (ROC).
What most merchants and service providers fail to recognize is that there are numerous issues that could potentially cause “roadblocks” on the way to achieving PCI DSS compliance.

As a QSA, I’ve listed some examples of common items that require remediation prior to achieving compliance. These items are considered major “roadblocks” because of either the time, money and investment needed to incorporate them into the cardholder data environment:

1. Two-factor authentication
2. Web application firewall and/or software code reviews.
3. Intrusion Detection Systems (IDS)
4. Documented Policies and Procedures specifically related to PCI DSS compliance.

These four items are typically what catch merchants and service organizations off-guard. Be prepared, be proactive; find a quality, competent QSA to help with all your PCI DSS compliance needs.

]]> http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-compliance-watch-out-for-the-road-blocks/feed/ 0