Regulatory Compliance, Governance and Security:

PCI DSS


March 23, 2009  11:53 AM

Payment Card Industry Compliance | It's much more than just PCI DSS



Posted by: Charles Denyer
charles denyer, cvv2, pa-dss, payment application data security standard, payment card industry compliance, PCI DSS, pci ssc, ped, pin data, pin entry devices

When people think of payment card industry compliance, they naturally think of PCI DSS compliance. And to be fair, the vast majority of organizations undergoing PCI DSS compliance are merchants and service providers who have to either conduct their own...

February 23, 2009  1:32 AM

PCI Policy and Procedures Documents | You Need them for PCI DSS



Posted by: Charles Denyer
payment card industry data security standards, PCI DSS, PCI Policy and Procedures Documents, requirement 12: Maintain a policy that addresses information security

PCI policy and procedures documents are extremely critical in achieving Payment Card Industry (PCI) compliance. How critical? Enough that an entire requirement for PCI is dedicated to developing an...


February 21, 2009  12:57 PM

PCI Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data | What You Need to Know



Posted by: Charles Denyer
cisco, firewalls, juniper, load balancers, payment card industry data security standards (PCI DSS), PCI DSS, pci dss v1.2, PCI Requirement #1: Install and maintain a firewall configuration to protect cardholder data, qualified security assessor (QSA), routers, rulesets

For Payment Card Industry (PCI) compliance, there are twelve (12) core, functional requirements mandated under PCI DSS v1.2. What's important to note is that many times you truly need to "read between the lines" to interpret, comprehend, and understand what the PCI DSS standards are actually...


February 18, 2009  7:53 PM

PCI DSS and SAS 70 Audits | Audit Efficiencies? Maybe…just Maybe



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI DSS, pci dss assessments, qsa, SAS 70, sas 70 audits, sas70

As a SAS 70 auditor and a PCI QSA, I'm often asked about the efficiencies of scale that can be achieved with SAS 70 audits and PCI DSS assessments. I have blogged about this a few times before, so let me be more clear and transparent in what I believe can actually be obtained in regards to audit...


February 14, 2009  1:52 PM

Payment Card Industry (PCI) Compliance | Much More than just I.T.



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI DSS, pci dss 1.2, pci dss policies and procedures, pci readiness assessment, qualified security assessor (QSA), requirement 12: Maintain a policy that addresses information security

That's right. Payment Card Industry (PCI) compliance is much more than just I.T. and all the surrounding hardware and software components that make up the "system components" within the cardholder environment. I've just recently finished up a PCI Readiness Assessment for a client on the West Coast...


January 30, 2009  9:33 PM

PCI DSS Compliance | What is the “Cardholder Environment”?



Posted by: Charles Denyer
cardholder environment pci dss, payment card industry data security standards (PCI DSS), PCI DSS, qsa pci dss, qualified security assessor (QSA), system components pci dss compliance

Regarding PCI DSS compliance, I'm often asked as a PCI QSA what is the cardholder environment? In essence, people are wanting to know what is in scope and how do you determine scope. To be honest, it is not at all a clear black and white answer; so many variables come into play, the biggest being...


January 28, 2009  1:03 PM

SAS 70 Audits and PCI DSS Compliance | A Two for One Audit? Not Quite



Posted by: Charles Denyer
cpa, payment card industry data security standards (PCI DSS), PCI DSS, pci dss report on compliance (ROC), pciassessment.org, qsa, sas70.us.com

As an accountant and a PCI Qualified Security Assessor (QSA), I'm seeing more and more auditors essentially provide audit and fieldwork services for both a SAS 70 and a PCI DSS assessment at the same time, then issue a PCI DSS Report on Compliance (ROC)...


January 28, 2009  12:47 PM

PCI DSS Requirement 1.1.2 | Network Diagrams | Easier Said Than Done



Posted by: Charles Denyer
1.1.2 network diagram, cardholder data pci dss, firewalls, firewalls pci dss, payment card industry data security standards (PCI DSS), PCI DSS, pci dss requirement 1.1.2, qualified security assessor (QSA), remote access pci dss, routers and switches, system components, wireless networking pci dss

PCI DSS Requirement 1.1.2 is an often overlooked area within the PCI framework for assessment. That's also a shame because it's such a critical component for helping lay the groundwork for true clarity and transparency for the assessment...


January 17, 2009  8:00 PM

Payment Card Compliance | PCI DSS | Tips on Passing your PCI DSS Assessment



Posted by: Charles Denyer
change management for pci dss, payment card industry data security standards, pci compliance, PCI DSS, sas 70 audits, sas70, two-factor authentication for pci dss

Regarding PCI DSS, as a PCI QSA I'm often asked what's the most difficult hurdle that organizations need to overcome for ensuring PCI DSS compliance. Well, we could talk at length about some of the technical, I.T. challenges, such as two-factor authentication, encryption (though not...


January 17, 2009  3:26 AM

PCI DSS Compliance for Merchants and Service Providers | Compliance is MANDATORY



Posted by: Charles Denyer
governor tim pawlenty pci dss, merchants, MN plastic card security act, PCI DSS, service providers

That's right. Compliance for the Payment Card Industry Data Security Standards, simply known as PCI DSS, is mandatory for all merchants and many service providers. How mandatory? Enough for MN Governor Tim Pawlenty

