PCI 2.0 is just around the corner, and what better way to discuss it than by reviewing the ____ ____ ____ that just wrapped in ____! Much of the information we received was classified as confidential or embargoed, so unless you are a stakeholder (like a ____ ____, ____, ____, or described by any other of the acronyms we have come to love) you are missing out.

it was a secret!, by platinumblondelife

Of course, the first thing we all heard was the ban on social media. Ironically, there was a press table in the back, so I’m not sure what those guys are going to be able to do with the info if they cannot write about it. Anyway, here’s my take:

Wednesday’s session kicked off with the _____ video from ____ _____ and _____. Kind of tired of that thing, but _____ enjoyed it. We saw a video message from ____ ____ who couldn’t make it (my thoughts are with your family), who _____ off into the _____, and then ___ ____ came up to kick things off. Unfortunately, we didn’t see an appearance from Elvis ____ like last year (sincerely bummed).

Next, we got to hear the ____ of the ____, which had some pretty interesting stats in it!  For example, this year has seen ____ new QSAs, ____ new PA-QSAs, _____ new firms, and ____ requalifications. I have some renewed concerns on ____ based on this information, though I know that ____ concerns overall are not uniformly shared by _______. The QA team has grown by ____, and ____ ISAs have been trained thus far (thanks to _____ from _____ for making the presentation to the ____ board that ultimately got us to where we are!). We learned about all the cool things that ____ ____ is doing, and new features to the _____ that are coming in ______.

By far, the most interesting session for me was the keynote by _____ _____.  ____ did a complete analysis of the ____ ____ case, and illustrated how we ____ the bad guys by ____ them into _____. The main conflict I perceived in this discussion was the statement that the standards must remain dynamic. In light of the new three year life cycle, it appears that this is where ____ ____ and ___ ____ will be at odds. While ____ ____ is pushing for the standards to keep up with the bad guys, the ____ is resisting that level of change.

Companies that handle this type of sensitive data will see the most benefit from removing their risk by reducing or eliminating their in-house use of PAN data.

Up next, my favorite session—Q/A. It’s a great session to hear how the _____ is dealing with ____. Unfortunately for the veterans, this fourth iteration of the session (sixth for those of us who hit Europe) is getting a little old. The questions fall into four categories.

  1. People new to PCI DSS that ask relatively basic questions that absolutely must be addressed by the folks on stage. It takes testicular fortitude to stand up in front of ____ people and ask a question, so props to those of you who did. At a minimum, it’s interesting enough for the vets to see if the ____’s response changes.
  2. Vendors asking loaded questions to try and get the Council to endorse their product (you know who you are, _____).
  3. Jaded individuals that point out flaws in ____ and discuss its information security failings.
  4. People struggling with their own implementations that try to push responsibility to other parties.

How many times does the group up there need to say, it depends, or that it is up to your QSA before the folks in the last three groups learn how to handle the Q/A session?

The last session of the day was the _____ _____ session that many of us want to see more of from the Council for ______ purposes.

Thursday kicked things off with an update from the _____, which seemed a bit ____. More ____ of ____ we do, ____ we do it, ____ ____ can help, and ____ we ____ would have been ____. Then the ____ presentation from ____, which was similar to the one given at _____.

For those staying the afternoon, you got to hear more about ____ and ____, and then a final ____ before dismissal.

It was good to see everyone this year! I think 2011-2013 will be very interesting years in the PCI life cycle!

Want to see the blanks filled in?  Click here!

This post originally appeared on BrandenWilliams.com.

Possibly Related Posts:


Tagged with:

0