pciguru.wordpress.com
Compensating Control Refresher | PCI Guru
https://pciguru.wordpress.com/2015/07/25/compensating-control-refresher
Links To Card Brand Security Programs. Ultra Secure Network Architecture. Requirement 11 - Regularly test security systems and processes. Requirement 2 - Do not use vendor-supplied defaults. And Requirement 6 - Develop and maintain secure systems and applications. However, here we are at v3.1, five years down the road and I still see a lot of poorly and improperly written CCWs. As a result, I think it is time to take people through a refresher on the CCW. Valid controls in this section must also go above...
pciguru.wordpress.com
Pushing The Limits | PCI Guru
https://pciguru.wordpress.com/2015/08/02/pushing-the-limits
Here are some situations that QSAs encounter way too often. Organizations that conduct their annual penetration test 30 days before the deadline to file their self-assessment questionnaire (SAQ) or Report On Compliance (ROC). Organizations that conduct their final quarter vulnerability scan 30 days before the deadline to file their SAQ or ROC. Why are these situations a problem? While this fire drill is going on, your QSA sits and ...
pciguru.wordpress.com
What Is Penetration Testing? | PCI Guru
https://pciguru.wordpress.com/2010/02/21/what-is-penetration-testing
What Is Penetration Testing? Categories: Requirement 11 - Regularly test security systems and processes. This question comes up more than I would like so it is probably a good discussion topic. And it pairs up nicely with my previous post. Regarding passing vulnerability scans. Next, penetration testing is not all about the tools. I do not care whether you use tools like Metasploit. Not everyone can be a penetration tester. Cer...
pciguru.wordpress.com
The Third Party Dilemma | PCI Guru
https://pciguru.wordpress.com/2015/08/08/the-third-party-dilemma
The Third Party Dilemma. And Requirement 12 - Maintain a policy that addresses information security. I am starting to see more and more of this situation with my mid-size and larger clients, the third party that is using the client’s network to process and transmit cardholder data (CHD). So what are your options if you are involved in such arrangements? Here are some thoughts. Ignore the problem and hope it goes away. Hi, I’m...
pciguru.wordpress.com
Post Series References | PCI Guru
https://pciguru.wordpress.com/post-series-references
For those of you looking for my posts grouped into a series based on topic, here is your page. – https://pciguru.wordpress.com/2009/02/15/network-segmentation/. Network Segmentation – Take 2. – https://pciguru.wordpress.com/2010/03/06/network-segmentation-%E2%80%93-take-2/. Network Segmentation – One Last Discussion. – https://pciguru.wordpress.com/2011/01/09/network-segmentation-%E2%80%93-one-last-discussion/. – ht...
pciguru.wordpress.com
Links To Card Brand Security Programs | PCI Guru
https://pciguru.wordpress.com/links-to-card-brand-security-programs
Links To Card Brand Security Programs. American Express Data Security. https://www209.americanexpress.com/merchant/services/en_US/data-security. Discover Information Security and Compliance (DISC). http://www.discovernetwork.com/merchants/data-security/disc.html. http://partner.jcbcard.com/security/jcbprogram/index.html. MasterCard International Site Data Protection (SDP) Program. Visa Global Web Site Locator.
pcip-study.blogspot.com
PCIP Study Guide: September 2013
http://pcip-study.blogspot.com/2013_09_01_archive.html
This is a blog on obtaining the Payment Card Industry Professional (PCIP) certification. Sunday, September 22, 2013. Study Material - Treasury Institute blog. The Treasury Institute is focused on PCI compliance for colleges and universities. The person posting on this blog is "Gene Willacker [who] is the PCI Compliance Officer for Michigan State University (MSU)". Gene has compiled a great list of PCI 3.0 information in his blog. The link is [here]. Saturday, September 21, 2013. Requirement 1.3.6. Indust...
walterconway.com
Walter Conway, PCI Resources
http://www.walterconway.com/index.html
Walter T. Conway. 1948 – 2013. We've lost a colleague and, more importantly, a dear friend. Walt was unexpectedly diagnosed with advanced pancreatic cancer. While he started treatment immediately, the cancer was aggressive and he was taken from us too quickly by this awful disease. Donations can be made to the Walter T. Conway, Jr. Fund at Episcopal Community Services, 165 Eighth Street, 3rd Floor, San Francisco, CA 94103, or online at www.ecs-sf.org. Is proud to continue Walt's hard work. Point is that,...
ccsp.nd.edu
Notre Dame | Credit Card Support Program :: External Resources
http://ccsp.nd.edu/resources.shtml
University of Notre Dame. Credit Card Support Program. Links have been provided to various PCI related websites that provide further information related to PCI DSS. PCI Security Standards Council. https://www.pcisecuritystandards.org/. Treasury Institute for Higher Education. http://treasuryinstitutepcidss.blogspot.com/. PA-DSS List of Validated Payment Applications. https://www.pcisecuritystandards.org/security_standards/vpa/vpa_approval_list.html. Visa's List of Compliant Level 1 Service Providers.