PCI group addresses assessor issues, vendor challenges |
 |
By Neil Roiter, Senior Technology Editor Information Security magazine
01 May 2008 | SearchSecurity.com |
|
|
The Payment Card Industry Data Security Standard (PCI-DSS) has sent companies scrambling to figure out which technologies they need to implement to comply, and, looking beyond the standard's numerous check-box requirements to actually improve data security. Across the security market landscape, vendors are pushing their products as PCI solutions, while organizations from small banks and retailers to Fortune 100 enterprises decide what they need to buy, choose among competing vendors and deploy new tools to meet PCI deadlines. In this interview at the recent RSA conference 2008, David Taylor, research director for the Payment Card Industry Security Vendor Alliance, discusses the challenges and opportunities PCI-DSS presents, the newly created PCI Knowledge Base, and how the alliance can help both vendors and companies working towards compliance.
Video - PCI group addresses assessor issues, vendor challenges: David Taylor of the PCI Security Vendor Alliance, discusses the challenges PCI presents, the newly created PCI Knowledge Base and how the group can help both vendors and companies.(8 min)
- PCI DSS has had companies scrambling for compliance. That's good for business but is it good for security? (0:12)
- Is the alliance still working with the PCI Council to set up a certification program for vendors? (0:48)
- We hear stories about assessors being not qualified and in some cases peddling vendor products. How do you respond to that? (2:52)
- PCI is more prescriptive than a lot of regulations. Are people pretty clear on the requirements or is there confusion out there? (4:55)
- In these last 14 months or so, what have you experienced that's been particularly frustrating and what you look back on with particular pride? What would you like to see happen in the next year or so? (5:55)
|
|
|
|
