SEARCH RESULTS
 
Showing 1-10 of 172 records
 

Is PCI DSS "Too Prescriptive"?

2008-09-22 15:43:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
I did this fun panel on PCI compliance at SecureWorld Bay Area the other week. What is interesting is that almost every time there is a discussion about PCI DSS, somebody crawls out of the woodwork and utters the following: "PCI is too prescriptive!", as if it is a bad thing (e.g. I mentioned it before here). I used to react to this with "Are...
 
 
 
 
 

MUST-DO Logging for PCI?

2008-02-11 10:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
Somebody asked me a few days ago: EXACTLY what logging we absolutely MUST do for PCI DSS compliance? Since this is a common question, I am broadcasting it here. The honest answer to the above question is that there is no list of what EXACTLY you MUST be logging due to PCI or, pretty much, any other recent "compliance thingy" (as we all know, PCI...
 
 
 
 
 

The Hannaford PCI Fallout

2008-03-28 13:07:12 by Marc Othersen in Security & Risk Management
 
By now, most people have heard about the data breach at Hannaford. Here are some thoughts regarding potential fallout: 1) PCI standard may change. Much depends on Hannaford disclosing the control failures leading to the data breach. The standard may be strengthened to address control areas that may have been overlooked. Should the controls that...
 
 
 
 
 

Got PCI? Another aspect of data security and PCI, I did not know

2007-12-06 17:17:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
Brian Kilcourse, managing partner from RSR Research shared some interesting research data with us at the recent conference. Turns out the best-in-class retailers are lagging behind in PCI compliance. Hmmm we agree that this does not make sense, and there were many conjectures as to why this is the case. A few of the reasons put forth - they know...
 
 
 
 
 

Why PCI Is Good For Business

2007-12-03 17:16:25 by RSnake in ha.ckers.org web application security lab
 
Time to take a step back and look at PCI. We all know and love it, or love to hate it for various reasons, but I'd like to go back to the roots of it all and ask one question, What is PCI for? The simple answer that I can get on board the most with is that it's to promote spending by increasing consumer confidence. So the obvious goal is to reduce...
 
 
 
 
 

PCI 6.6 clarified

2008-04-22 16:47:40 by Bill in Grumpy Security Guy
 
Trey Ford has a good roundup of the new PCI 6.6 clarification in PCI 6.6 Information Supplement Released. All I have to say is well done to the PCI council! From my first pass it seems like it is pretty clear AND they understand the issues organizations are facing. I have a few nits, here and there but it is 1000% better than it was before ...
 
 
 
 
 

PCI compliance kit for NAC - do you believe it?

2008-06-24 07:03:55 by HASH0x84aeda4 in StillSecure, After All These Years
 
Tim Greene makes the point again in his column that NAC is a great tool to help with PCI compliance. He is right on. Here at StillSecure we have several customers who are using NAC to help with PCI. My issue is Tim highlights some recent spin fed to him from the "used car salesman of NAC". They claim to have a "PCI kit" that will help with 8...
 
 
 
 
 

PCI compliance kit for NAC - do you believe it?

2008-06-24 07:59:29 by ashimmy in StillSecure, After All These Years
 
Tim Greene makes the point again in his column that NAC is a great tool to help with PCI compliance. He is right on. Here at StillSecure we have several customers who are using NAC to help with PCI. My issue is Tim highlights some recent spin fed to him from the "used car salesman of NAC". They claim to have a "PCI kit" that will help with 8...
 
 
 
 
 

Security World: Qualys releases QualysGuard PCI 2.0

2007-12-18 12:37:00 by Editor in Help Net Security - News
 
Qualys announced the availability of QualysGuard PCI 2.0, the second generation of its On Demand PCI Platform. It dramatically streamlines the PCI compliance process and adds new capabilities for larg
 
 
 
 
 

On Hannaford Brothers Breach and PCI