SEARCH RESULTS
 
Showing 1-10 of 103 records
 

PCI DSS Blogs

2008-11-24 15:20:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...DSS related blogs (looking especially for blogs by QSAs), so IN NO PARTICULAR ORDER Obviously: http://chuvakin.blogspot.com/search/label/PCI PCI DSS News and Information at http://www.treasuryinstitute.org/blog PCI Answers at http://pcianswers.com Branden Williams' Security Convergence Blog at http://blogs.verisign.com/securityconvergence...
 
 
 
 
 

Is PCI DSS "Too Prescriptive"?

2008-09-22 15:43:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...DSS, somebody crawls out of the woodwork and utters the following: " PCI is too prescriptive! ", as if it is a bad thing (e.g. I mentioned it before here I used to react to this with " Are you stupid?! PCI being prescriptive is the best thing since sliced cake :-) Finally, there is some specific guidance for people to follow and be more...
 
 
 
 
 

A Friday Afternoon Conversation About PCI DSS

2008-12-05 20:42:09 by Alex in RiskAnalys.is
 
...DSS might have it all backwards. Now I'm just thinking out loud here, and throwing this blog post up on a whim (for Twitter conversations that are happening in parallel) so be polite/nice 1.) As Jack likes to say, all control efforts are centered around Prevent/Detect/Respond. And if we can prevent at 100% efficiency, we don't really need to...
 
 
 
 
 

Why PCI DSS is doomed.

2008-05-12 10:50:00 by Russ McRee in HolisticInfoSec.org
...DSS 6.6 language has been made even more elusive with such useful language as Keeping in mind that the objective of Requirement 6.6 is to prevent exploitation of common vulnerabilities (such as those listed in Requirement 6.5), several possible solutions may be considered. They are dynamic and pro-active, requiring the specific initiation of...
 
 
 
 
 

Went on Vacation - Missed PCI DSS 1.2 :-)

2008-08-21 08:52:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
OMG, I go on vacation for 3 days (pretty much offline) - and I miss pre-release of PCI DSS 1.2. How unfair is that? In any case, I am baaaaaack. About me: http://www.chuvakin.org
 
 
 
 
 

Run Through PCI DSS 1.2 Changes

2008-08-26 11:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...DSS 1.2. change doc. So Good news: router is now officially a firewall (it has been for a while, but many people are still stuck in "security device" vs "network device" cloud) - see Req 1 From the "WTH dept": anti-virus is a MUST on ALL platforms - Req 5. Please ship me some of the stuff they are smoking; I want it! BTW, I am going to...
 
 
 
 
 

Fun Reading on Security and Compliance #10

2008-12-09 10:13:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...DSS is fun! compliance section REALLY insightful post from BeastOrBudda : PCI DSS Compliance Projects - The road to nowhere. I do disagree with a few pointers there (e.g. that all PCI projects are security projects I think NOT enough of the PCI projects are security/risk management projects!); otherwise, it is golden. A quote: If anything,...
 
 
 
 
 

Links for 2008-12-08 [del.icio.us]

2008-12-09 00:00:00 by Editor in Anton Chuvakin Blog -
 
...DSS Compliance Projects - The road to nowhere Down the PCI Rabbit Hole in Search of Better Risk Measurements | BlogInfoSec.com Rational Survivability: Please Help Me: I Need a QSA To Assess PCI/DSS Compliance In the Cloud... Please Help Me: I Need a QSA To Assess PCI/DSS Compliance In the Cloud Network Security Blog PCI Compliance in the...
 
 
 
 
 

MUST-DO Logging for PCI?

2008-02-11 10:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...DSS compliance? Since this is a common question, I am broadcasting it here The honest answer to the above question is that there is no list of what EXACTLY you MUST be logging due to PCI or, pretty much, any other recent "compliance thingy" (as we all know, PCI DSS rules are more specific than most others). However, the above does NOT mean...
 
 
 
 
 

PCI V1.2, a good start but still not enough

2008-09-03 16:56:31 by Burton Group in