Aside from a rather embarrassing moment last night with Keynote (note to self: make your FIRST and LAST slides different, and actually test MOVING between slides before the room is filled with expectant eyes boring holes through my skull into the screen behind me), I spoke to a local group of PCI DSS enthusiasts about the mistakes that QSAs make, and how to deal with them. I came up with several, but would really like to see what YOU FOLKS out there think!
Submit comments below anonymously or with your name, either way. This is open to anyone! QSAs, ASVs, acquirers, issuers, merchants, service providers, ISOs, security professionals, PCI HAY-TAHs, payment brands, Council members, Jim, forensic investigators, and other PCI experts.
Don’t worry, we’ll find time to pick on others as well, but for today, let’s focus on this. What I’m not looking for is “X QSA said that two-factor authentication had to be RSA SecurID only.” I’m more looking for something like a QSA firm sending a newbie to lead an assessment, or an assessor not asking the right questions.
Let me know! The lines are open!