June 16, 2009 2:35 AM
Posted by: Charles Denyer
assessments,
audits,
charles denyer,
cpa firm,
payment card industry data security standards,
PCI DSS,
PCI DSS Level 1 compliance,
report on compliance,
ROC,
sas 70 type ii audit
SAS 70 audits, especially Type II reports, and PCI DSS Level 1 Report on Compliance (ROC) assessments are dominating today's regulatory compliance arena. Painfully, as a SAS 70 auditor and a PCI DSS assessor, I keep hearing people talk about these two compliance initiatives as if they are one in...
May 31, 2009 3:33 PM
Posted by: Charles Denyer
change management,
charles denyer,
Maintain an Information Security Policy,
PCI DSS,
policies and procedures,
requirement 12,
SAS 70 Type I,
sas 70 type ii
Policies and Procedures: it's such a common theme and phrase in today's regulatory compliance and governance arena, so much so that I think it should have its own Wikipedia page. Developing these documents can be an arduous undertaking. Furthermore, policies and procedures are becoming...
May 26, 2009 6:22 PM
Posted by: Charles Denyer
charles denyer,
payment card industry data security standards,
PCI DSS,
PCI DSS Level 1 compliance,
pci qsa,
pciassessment.org,
policies and procedures,
requirement 12
Payment Card Industry Data Security Standards (PCI DSS) Level 1 compliance can be a very arduous, time-consuming and costly undertaking for any organization. However, there are a number of proactive steps that should be put in place for helping ensure an...
May 9, 2009 9:49 PM
Posted by: Charles Denyer
charles denyer,
payment card industry data security standards,
PCI DSS,
PCI DSS Self Assessment Questionnaire,
pciassessment.org,
qualified security assessor
PCI DSS Self Assessment questionnaires are used for the large and growing number of merchants who must comply with the Payment Card Industry Data Security Standards (PCI DSS). In short, compliance can be obtained by conducting a "Self Assessment". What's important to note, however, is that there...
April 20, 2009 1:03 PM
Posted by: Charles Denyer
american express,
amex,
charles denyer,
discover,
jcb,
mastercard,
merchants,
Payment Card Industry Data Security Standard,
PCI DSS,
pci dss self assessment,
pci ssc,
service providers,
visa
The Payment Card Industry Data Security Standard, commonly known as PCI DSS, is a far-reaching compliance initiative put forth in a collaborative fashion by the major payment brands (VISA, MasterCard, American Express, Discover, and JCB). These compliance initiatives are overseen and guided by the...
March 27, 2009 10:15 PM
Posted by: Charles Denyer
charles denyer,
payment card industry data security standards (PCI DSS),
PCI DSS,
pci dss transaction levels,
pci qsa,
qualified security assessor (QSA),
visa,
visa level 1
PCI DSS transaction levels for merchants are used to identify what "Level" an organization would fall into for PCI DSS compliance.
Level 1: Any merchant-regardless of acceptance...
March 26, 2009 1:34 PM
Posted by: Charles Denyer
charles denyer,
compliance with pci dss,
merchants,
payment card industry,
PCI DSS,
pci dss self assessment,
qsa,
qualified security assessor,
service providers
Compliance with PCI DSS can be daunting and a challenge indeed. However, simply breaking down the PCI DSS requirements and looking at them in a thoughtful manner will help alleviate your concerns. As a Payment Card Industry Qualified Security Assessor (PCI...
March 26, 2009 1:11 AM
Posted by: Charles Denyer
charles denyer,
firewalls,
merchant,
PCI DSS,
pci policies and procedures,
pci qsa,
routers,
service provider,
switches
Are you a merchant or service provider having to comply with the Payment Card Industry Data Security Standards v1.2, commonly known as PCI DSS? If so, take a page out of a QSA's playbook for helping you prepare for a PCI DSS assessment. While we as QSAs...
March 24, 2009 11:49 PM
Posted by: Charles Denyer
Build and Maintain a Secure Network,
charles denyer,
Implement Strong Access Control Measures,
Maintain an Information Security Policy,
PCI DSS,
Protect Cardholder Data,
qualified security assessor (QSA),
Regularly Monitor and Test Networks,
requirement 12,
What is Required for PCI Assessment?
What is required for PCI assessment compliance? This is a question I'm often asked, especially by organizations that need to comply with Level 1 of the PCI DSS standards, which is an on-site assessment conducted by a Qualified Security Assessor (QSA), such as myself. Well,