Regulatory Compliance, Governance and Security:

payment card industry data security standards (PCI DSS)


February 21, 2009  12:57 PM

PCI Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data | What You Need to Know



Posted by: Charles Denyer
cisco, firewalls, juniper, load balancers, payment card industry data security standards (PCI DSS), PCI DSS, pci dss v1.2, PCI Requirement #1: Install and maintain a firewall configuration to protect cardholder data, qualified security assessor (QSA), routers, rulesets

For Payment Card Industry (PCI) compliance, there are twelve (12) core, functional requirements mandated under PCI DSS v1.2. What's important to note is that many times you truly need to "read between the lines" to interpret, comprehend, and understand what the PCI DSS standards are actually...

February 18, 2009  7:53 PM

PCI DSS and SAS 70 Audits | Audit Efficiencies? Maybe…just Maybe



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI DSS, pci dss assessments, qsa, SAS 70, sas 70 audits, sas70

As a SAS 70 auditor and a PCI QSA, I'm often asked about the efficiencies of scale that can be achieved with SAS 70 audits and PCI DSS assessments. I have blogged about this a few times before, so let me be more clear and transparent in what I believe can actually be obtained in regards to audit...


February 14, 2009  1:52 PM

Payment Card Industry (PCI) Compliance | Much More than just I.T.



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI DSS, pci dss 1.2, pci dss policies and procedures, pci readiness assessment, qualified security assessor (QSA), requirement 12: Maintain a policy that addresses information security

That's right. Payment Card Industry (PCI) compliance is much more than just I.T. and all the surrounding hardware and software components that make up the "system components" within the cardholder environment. I've just recently finished up a PCI Readiness Assessment for a client on the West Coast...


February 11, 2009  10:27 PM

PCI DSS Requirement 10: Regularly Monitor and Test Networks



Posted by: Charles Denyer
12 pci requirements, Linux, payment card industry data security standards (PCI DSS), pci audit trails, pci dss logging, PCI Requirement 10: Regularly Monitor and Test Networks, qualified security assessor (QSA), unix, windows

Payment Card Industry (PCI) Data Security Standards (DSS) compliance is often not a black and white assessment. Sure, the PCI council gives you the complete assessment document, which fully explains each of the twelve (12) requirements and what is needed for validating each of these respective...


February 9, 2009  2:04 AM

PCI Compliance Strategic Plan | How to Become Compliant | PCI DSS



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI Compliance strategic plan, pci merchant, PCI self assessment questionnaires (SAQ), qualified security assessor (QSA), service provider, third party processor

Need to be Payment Card Industry (PCI) compliant in 2009? Are you a Merchant, Service Provider, Third Party Processor or some other Third Party outsourcing entity involved in the processing, storing, or transmitting of payment and credit card data? If so, listen up, because you need to develop a PCI...


February 8, 2009  3:11 PM

PCI Security Standards | Learn How to Become PCI Compliant



Posted by: Charles Denyer
cardholder data, payment card industry data security standards (PCI DSS), pci dss v1.2, pci security standards, PCI self assessment questionnaires (SAQ), qualified security assessor (QSA)

Payment Card Industry (PCI) compliance is becoming a force to reckon with, to say the least. It seems as if every possible and conceivable industry in the country is being affected by PCI compliance, either directly or indirectly. What's important to note about PCI compliance is that it primarily...


February 7, 2009  12:04 AM

Payment Card Industry Compliance (PCI) | What’s in store for 2009?



Posted by: Charles Denyer
merchants pci dss, payment card industry data security standards (PCI DSS), qualified security assessor (QSA), service providers payment card compliance

Payment Card Industry (PCI) Data Security Standards (DSS) compliance will no doubt continue to grow in 2009 and beyond. The number of merchants, service providers, and other third party processors/third party providers needing the PCI stamp of approval will continue to grow, based on varying...


January 30, 2009  9:33 PM

PCI DSS Compliance | What is the “Cardholder Environment”?



Posted by: Charles Denyer
cardholder environment pci dss, payment card industry data security standards (PCI DSS), PCI DSS, qsa pci dss, qualified security assessor (QSA), system components pci dss compliance

Regarding PCI DSS compliance, I'm often asked as a PCI QSA what the cardholder environment is. In essence, people want to know what is in scope and how you determine scope. To be honest, it is not at all a clear black and white answer; so many variables come into play, the biggest being...


January 28, 2009  1:03 PM

SAS 70 Audits and PCI DSS Compliance | A Two for One Audit? Not Quite



Posted by: Charles Denyer
cpa, payment card industry data security standards (PCI DSS), PCI DSS, pci dss report on compliance (ROC), pciassessment.org, qsa, sas70.us.com

As an accountant and a PCI Qualified Security Assessor (QSA), I'm seeing more and more auditors essentially provide audit and fieldwork services for both a SAS 70 and a PCI DSS assessment at the same time, then issue a PCI DSS Report on Compliance (ROC)...


January 28, 2009  12:47 PM

PCI DSS Requirement 1.1.2 | Network Diagrams | Easier Said Than Done



Posted by: Charles Denyer
1.1.2 network diagram, cardholder data pci dss, firewalls, firewalls pci dss, payment card industry data security standards (PCI DSS), PCI DSS, pci dss requirement 1.1.2, qualified security assessor (QSA), remote access pci dss, routers and switches, system components, wireless networking pci dss

PCI DSS Requirement 1.1.2 is an often overlooked area within the PCI framework for assessment. That's also a shame because it's such a critical component for helping lay the groundwork for true clarity and transparency for the assessment...

