Updated Prioritized Approach to PCI DSS 2.0

The PCI Security Standards Council released an updated Prioritized Approach document for PCI DSS 2.0 on May 31 with associated tools and change documentation. I posted about the version of this document made to address PCI DSS 1.2 in 2009, and many of my comments still carry forward with this version. But let me take a moment to refresh the content as more than two years have passed since the original post.

Visa’s Chargeback Management Guidelines

Visa released an interesting PDF last month entitled Chargeback Management Guidelines for Visa Merchants. Don’t be turned off by the stereotypical graphic on the front page; there is some good stuff in there for ALL parties involved, not just merchants. QSAs should read this document to provide a better service to their customers, if for nothing else than to see practices from a non-US-centric view.

PCI DSS for the Small Office

A reader asked me about compliance in a small medical office situation. How should someone approach it? You probably got a letter from someone with a Self-Assessment Questionnaire, and you are unsure what to do! Here are a few things to consider:

Wait, we did something right?

In my travels recently to Asia and Australia, I am learning that the security market here tends to be more focused on shiny tools than security process. Someone even made a statement about the maturity of the US around information security and how much more mature it is than what they are dealing with.

New PCI Board of Advisors Elected

The PCI Security Standards Council announced on May 23 the new PCI Board of Advisors for 2011 and 2012. There are some familiar names on the list as some of these companies are in their third term on the board, and there are some new faces, namely RSA, the Security Division of EMC. I am the representative from RSA that will be participating on behalf of the company.

How to Make a Mobile Payment App Comply with PCI DSS

The PCI Security Standards Council recently made news when they announced that they would no longer be accepting mobile payment applications for PA-DSS compliance consideration. This means that vendors looking to certify new mobile applications or devices are now left in the lurch.

How Deep is Deep Enough?

After my last post on the Lack of Understanding in QSAs, Brad emailed me and asked how much a QSA or ISA should look behind the curtain for someone like an Iron Mountain (analogy used in the post). I feel like a bad consultant/blogger because I only pointed out a problem, but didn’t point out a solution.

Securing Personal Information in the Hospitality Industry

Staying at the Venetian/Palazzo in Las Vegas last week for EMC World, I was struck by the amount of personal information they must be managing for the guests in their 7,000 suites. Even with repeat guests, they could well average 10 individuals per week per suite, well into the millions of guests per year. And [...]

PCI DSS 2.0 - New regulations for keeping customer data safe – Podcast #215

A new version of the Payment Card Industry Data Security Standard, or PCI DSS was recently announced. This week’s Speaking of Security podcast discusses new guidance on how to protect customer account data.

Visa Allows Non-US EMV Merchants to Forgo PCI Assessments

Interesting note from Visa yesterday. They have given non-US merchants an escape hatch for validating PCI DSS compliance annually if they meet four specific requirements.