Regulatory Compliance, Governance and Security:

April 27, 2009  2:06 AM

Sarbanes Oxley (SOX) and SAS 70 | What Does the Future Hold?

Posted by: Charles Denyer
charles denyer, Compliance, corporate governance, PCI, Sarbanes-Oxley, SAS 70, SOX

Sarbanes Oxley and SAS 70 audits have had a monumental impact on corporate governance and compliance. So much so, they almost invented a huge part of the pie. As a SAS 70 auditor, I'm often asked what does the...

April 20, 2009  1:03 PM

Payment Card Industry Data Security Standard | Learn about PCI DSS

Posted by: Charles Denyer
american express, amex, charles denyer, discover, jcb, mastercard, merchants, Payment Card Industry Data Security Standard, PCI DSS, pci dss self assessment, pci ssc, service providers, visa

The Payment Card Industry Data Security Standard, commonly known as PCI DSS, is a far-reaching compliance initiative put forth collaboratively by the major payment brands (VISA, MasterCard, American Express, Discover, and JCB). These compliance initiatives are overseen and guided by the...

March 27, 2009  10:15 PM

PCI DSS Transaction Levels | VISA Requirements for Merchants

Posted by: Charles Denyer
charles denyer, payment card industry data security standards (PCI DSS), PCI DSS, pci dss transaction levels, pci qsa, qualified security assessor (QSA), visa, visa level 1

PCI DSS transaction levels for merchants are used to identify what "Level" an organization would fall into for PCI DSS compliance. Level 1: Any merchant, regardless of acceptance...

March 26, 2009  1:34 PM

Compliance with PCI DSS | Expert Advice from a PCI QSA

Posted by: Charles Denyer
charles denyer, compliance with pci dss, merchants, payment card industry, PCI DSS, pci dss self assessment, qsa, qualified security assessor, service providers

Compliance with PCI DSS can be daunting and a challenge indeed. However, simply breaking down the PCI DSS requirements and looking at them in a thoughtful manner will help alleviate your concerns. As a Payment Card Industry Qualified Security Assessor (PCI...

March 26, 2009  1:11 AM

PCI DSS | Payment Card Industry Compliance | Tips on Preparing for a PCI DSS Assessment

Posted by: Charles Denyer
charles denyer, firewalls, merchant, PCI DSS, pci policies and procedures, pci qsa, routers, service provider, switches

Are you a merchant or service provider having to comply with the Payment Card Industry Data Security Standards v1.2, commonly known as PCI DSS? If so, take a page out of a QSA's playbook to help you prepare for a PCI DSS assessment. While we as QSAs...

March 24, 2009  11:49 PM

What is Required for PCI Assessment? | PCI DSS Q and A

Posted by: Charles Denyer
Build and Maintain a Secure Network, charles denyer, Implement Strong Access Control Measures, Maintain an Information Security Policy, PCI DSS, Protect Cardholder Data, qualified security assessor (QSA), Regularly Monitor and Test Networks, requirement 12, What is Required for PCI Assessment?

What is required for PCI assessment compliance? This is a question I'm often asked, especially by organizations that need to comply with Level 1 of the PCI DSS standards, which is an on-site assessment conducted by a Qualified Security Assessor (QSA), such as myself. Well,

March 23, 2009  11:53 AM

Payment Card Industry Compliance | It's much more than just PCI DSS

Posted by: Charles Denyer
charles denyer, cvv2, pa-dss, payment application data security standard, payment card industry compliance, PCI DSS, pci ssc, ped, pin data, pin entry devices

When people think of payment card industry compliance, they naturally think of PCI DSS compliance. And to be fair, the vast majority of organizations undergoing PCI DSS compliance are merchants and service providers who have to either conduct their own...

March 20, 2009  6:20 PM

SAS 70 Compliance | Tips on Scoping a SAS 70 Audit

Posted by: Charles Denyer
audit, charles denyer, general controls audit, managed services sas 70, SAS 70, sas 70 compliance, sas 70 resource guide, sas 70 type ii

SAS 70 compliance is commonplace for many of today's businesses. Unfortunately, one of the missing ingredients in understanding SAS 70 compliance is the scope of the audit. That's right. The who, what, when, where, and why of the actual SAS 70 audit process....

February 23, 2009  5:13 PM

SAS 70 Internal Controls | Important Facts and Tips to Know

Posted by: Charles Denyer
sas 70 internal controls, SAS 70 Type I, sas 70 type ii

SAS 70 audits test a wide array of internal controls within your organization to help ensure SAS 70 Type I or Type II compliance. What's interesting to note about these "internal controls" is that you need to truly understand what they are...

February 23, 2009  1:32 AM

PCI Policy and Procedures Documents | You Need them for PCI DSS

Posted by: Charles Denyer
payment card industry data security standards, PCI DSS, PCI Policy and Procedures Documents, requirement 12: Maintain a policy that addresses information security

PCI policy and procedures documents are extremely critical in achieving Payment Card Industry (PCI) compliance. How critical? Enough that an entire requirement for PCI is dedicated to developing an...
