|
Jun 12
2012
|
Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI compliance journey.
|
Nov 23
2011
|
Decision is Key! Posted by Didier Godart in Risk Management, Compliance |
In my previous blog "Something Rotten in my Kingdom" I asked the question: Can we envisage a way to improve security through compliance?
|
Nov 15
2011
|
The term "vulnerabilities" is often used in the PCI DSS standard to mean the following (per the definition given by the Council):
|
Nov 09
2011
|
Ten years ago, self-regulation through the implementation of good security practices was thought to be the way organizations would protect their, and our, sensitive data, but the number of reported security incidents demonstrates that self-regulation doesn't actually work. It's like hoping that a kid does his homework only because he fully understands all the benefits for himself. Actually, this kind of self-governing behaviour requires some level of maturity and a deep self-consciousness of the risks faced.
|
Oct 31
2011
|
Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI gap analysis exercise. It encompasses:
|
Oct 24
2011
|
There are circumstances where companies could face some technical or business impediments preventing them from implementing the requirements as explicitly stated in the standard. Does this mean that these companies could never achieve and maintain compliance?
|
Oct 10
2011
|
New PCI Compliance Dashboard - Available. Posted by Didier Godart in PCI |
The PCI Compliance Dashboard is a spreadsheet providing a single view of all the information you need to complete the PCI Compliance process without having to open multiple documents on the side.
|
Oct 03
2011
|
In newsletter #4 we saw that the payment brands classify organizations accepting and processing credit cards into “levels.” Levels are related to the number of transactions processed annually on the payment brand networks and are used to indicate what compliance validation procedures and reporting requirements targeted entities are expected to complete. Do not mistake “Levels” for “Types”!
|
Oct 03
2011
|
If you have ever tried to get data about the compliance rate from PCIco or the Payment Brands, you know how challenging it is, probably more challenging than finding the Holy Grail. So in this context the release of the Verizon 2011 Payment Card Industry Compliance Report is quite enlightening for the security industry and merchant community. It gives us a good sense of the reality in the field.
|
Sep 08
2011
|
“Levels” is a classification of organizations accepting and processing credit cards. They are defined and used by the payment brands to indicate what compliance validation procedures and reporting requirements targeted entities are expected to complete.
|
Sep 02
2011
|
|
Aug 16
2011
|
Hi Everyone,