Blog Posts Tagged with "PCI SSC"
Understanding the Intent of PCI Requirement 11.2
February 09, 2011 Added by: PCI Guru
Requirement 11.2 requires that vulnerability scanning is performed at least quarterly. Given the 30 day patching rule and the fact that scanning must be performed after all “significant” changes, an organization really needs to conduct monthly scanning at a minimum to stay compliant...
Comments (2)
RTFM: Take the Time to Read the Documentation
January 18, 2011 Added by: PCI Guru
The PCI SSC’s Web site contains all of the documentation you need to interpret the PCI standards, yet it seems the only document that people download and read is the PCI DSS. If people would just read the rest of the documentation that is available, we would all be better off...
Comments (0)
The Harsh Reality Of Security
January 09, 2011 Added by: PCI Guru
Chris Skinner asks the question, “Why does the card securities council not care about card security?” What concerns me is the title of the article as it again implies that the PCI standards do nothing to secure cardholder data. I thought I would take a shot at answering this question...
Comments (0)
PCI SSC Backs Off Certifying Mobile Payment Apps
January 05, 2011 Added by: PCI Guru
A mobile payment refers to the use of a wireless device as a cash register. This is one of the reasons why the PCI SSC has pulled back on certifying mobile payment applications. The definition is becoming too broad and confusing thus creating too many issues to cover in a quick time...
Comments (0)
The PA-DSS Certification Clarification
December 16, 2010 Added by: PCI Guru
Changes that fall into these two categories do not require that the PA-QSA conduct a re-assessment of the application and file a new Report On Validation. The application continues to hold its existing PA-DSS certification. However, the PA-QSA is required to prepare and file a Minor Update...
Comments (0)
Interesting Announcements From The PCI SSC
December 08, 2010 Added by: PCI Guru
The last year has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These usually are not noteworthy, but the November 2010 issue contains a number of items that need to be shared just in case you miss your edition or you are not a QSA...
Comments (1)
Heartland Regains PCI Compliant Status
May 03, 2009 Added by: Anthony M. Freed
Heartland’s removal from the list of compliant payment processors had followed revelations that the company had suffered what may have been the largest data breach of payment card information to date, although details of the incident have not been made available due to ongoing investigations...
Comments (5)
Payment Card Industry Swallows Its Own Tail
April 01, 2009 Added by: Anthony M. Freed
The greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers, but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve...
Comments (2)