I always enjoy the Q/A sessions that the Council has at these events. I don’t know how many sessions I will be able to blog about (we only want the interesting ones anyway), but here’s the first bunch of Q/A from this session! The first question was around segmentation and SANs. I’d never heard the question asked that way, but most SANs by nature are segmented from each other. The more interesting point here is what constitutes segmentation? So many assessors only consider firewalls a method of segmentation. According to the documentation provided by the council, segmentation can be accomplished in multiple ways–not just by deploying firewalls. QSAs should be looking at the whole solution, not just fixating on a ...

Are you interested in how 1.2 affects you? The Council provided a detailed list of changes between the two standards, but sometimes it can be a little overwhelming. The guys over at Aegenis have posted a good summary for those of you who want to cut to the chase. If you have specific questions to your business, why not reach out to a VeriSign consultant? We can provide you the expertise you need! Possibly Related Posts: PCI DSS 4.0 Released plus BOOK DETAILS! PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization?

Just like the rest of you, I couldn’t sleep all night. I tossed and turned in anticipation for this glorious day. It was much like being a kid again and waiting for Christmas morning to hurry up and get here so I could open presents! I jumped out of bed promptly when my alarm went off, got ready for my day and bounded up my stairs to my new office (I’ve moved my office so that the new kiddo can get the bigger room), plopped myself into my chair and furiously tried to wake up my PC. I unlocked it and browsed over and … *sigh* should have slept in. I’ve been hitting reload every ten seconds since (Grey’s Anatomy ...

I wandered over to the PCI-SSC site today and noticed that they have reposted the press release from August 18 reminding everyone that the new version of the standard will be announced TOMORROW. Thanks for the reminder; I’m pretty sure we all have that date etched into our brains via green laser. Tease…. Possibly Related Posts: PCI DSS 4.0 Released plus BOOK DETAILS! PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization?

The US PCI Conference is now over, and what a quick two days. There are many changes coming for the new standard, and I’m very excited about talking to you all. We are putting together a webinar to discuss, in detail, the changes that you will be facing. Look for an announcement on that soon. It was great talking with many of you about the issues that we all face every day. I look forward to talking again soon and helping you build creative solutions to these challenges. Oh, and a quick tidbit for you all. If you get a business card from a processor, sometimes even when you put it in a blazing fire pit, it will not burn! ...

OK, the questions have not been really earth shattering. I’m heading to a customer call in a few, so will not be live blogging the latter half. We do have coverage and I will post anything crazy here shortly. Possibly Related Posts: PCI DSS 4.0 Released plus BOOK DETAILS! PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization?

We’re just reviewing these changes and before hundreds of people queued up at the microphone, the intent of the change is to prevent an “automatic exclusion” of Unix or Mainframe technologies. Looks like Anti-Virus is now a case-by-case basis for review. My opinion is that ANY desktop computer with access to the internet should have A/V on it as it is at a higher risk for compromise. In some cases there can be exceptions, and technologies like Solidcore and/or Bit9 can be excellent compensating controls. Possibly Related Posts: PCI DSS 4.0 Released plus BOOK DETAILS! PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should ...