Las Vegas, by matze_ott

Las Vegas, by matze_ott

I hope to see many of you next week at the PCI Community Meeting in Las Vegas!  VeriSign will have a booth and is a sponsor for the event.  If you are going, please do stop by our booth and attend our sponsored cocktail hour!  We’ll have some goodies and some exciting news for everyone that stops to chat!

At this point, I’m not sure what kind of coverage I’ll be able to provide from the meeting, but more on that soon.

Before you arrive for the sessions, I urge you to review the myriad of information available on the PCI Security Standards Council website, including the recently published SIG papers, and prepare your questions.  This is your chance to ask the Technical Working Group and other members of the Council directly!  Although, be prepared for them to tell you it is up to your QSA.

The best way to avoid that answer is to ask questions that don’t start with “My environment has X technology,” and ask for their intent behind requirements.  As an example, a bad question to ask would be “Can I use whitelisting instead of anti-virus?”  A good version of that question might be “Is the intent of 5.1 to stop the execution of malicious software, and can compensating controls be considered?”

It requires that you do a little homework, but as with most things in life, you will get out of the event what you put into it.  Preparation goes a long way when talking to the framers of the standard.

Hope to see you there!

This post originally appeared on BrandenWilliams.com.