-
Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"
Understanding which requirements of the "12 commandments" are the most challenging can keep your organization from wasting time, money and effort on the wrong ideas or technical implementations. In this guide, Craig Norris draws some important PCI co... Learning Guide
-
PCI DSS Requirement 11: Regularly test security systems and processes
Craig Norris explains why internal and external network scans are necessary to complete Requirement 11 of the PCI Data Security Standard, one that frequently baffles security professionals. Learning Guide
-
Quiz: Must-have compliance technologies
A five-question multiple-choice quiz to test your understanding of the content presented by expert Trent Henry in this lesson of SearchSecurity.com's Compliance School. Quiz
-
PCI Data Security Standard: How to survive an audit
The PCI Data Security Standard is praised for its clarity, but that doesn't make compliance audits a breeze. Learn how to survive. Information Security maga
-
PCI Data Security Standard: Swiping back
With the goal of reducing fraud, the credit card associations' PCI standard scores points for clarity. Information Security maga
-
PCI Data Security Standard: 12-step program for compliance
Unlike some government regulations, the PCI standard is praised for its clarity. Here are the 12 basic requirements. Information Security maga
-
Verizon PCI report finds firms struggling to maintain compliance
Many businesses struggle to maintain PCI DSS compliance, suggesting meeting the standard is a goal rather than an ongoing initiative, according to a new report from Verizon Business. News | 28 Sep 2011
-
PCI Council issues point-to-point encryption validation requirements
A new validation program will certify point-to-point encryption systems that use devices for encryption and decryption as well as hardware security modules. News | 16 Sep 2011
-
PCI tokenization: Vendors need to iron out differences, expert says
The long-awaited PCI Tokenization Guidelines add heft to its use, but persisting problems deter merchants from fully embracing the technology, according to one expert. News | 01 Sep 2011
-
PCI Council issues long-awaited PCI tokenization compliance guidance
PCI DSS tokenization can reduce the scope of a PCI assessment, according to new guidance issued Friday. One expert says it’s been a long time coming. News | 12 Aug 2011
-
Ramon Krikken on tokenization vs. encryption, PCI tokenization
The Gartner IT1 research director discusses tokenization vs. encryption, PCI tokenization to reduce audit scope and lagging tokenization standards. News | 23 Jun 2011
-
PCI virtualization: New guidelines, harder compliance
New guidelines on virtualization issued by the PCI SSC show PCI compliance is possible within a virtualized environment, but may not be feasible. News | 14 Jun 2011
-
PCI virtualisation: With new guidelines, compliance may be harder
New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible. News | 14 Jun 2011
-
Google Wallet gains interest from security researchers
Google’s NFC service will be thoroughly vetted for vulnerabilities, access for cybercriminals. Cloning may be possible. News | 27 May 2011
-
PCI DSS survey finds need for credit card tokenization guidance
Companies are considering tokenization as an alternative or in addition to encryption, a recent survey found. News | 19 May 2011
-
Eye on: PCI DSS compliance
SearchSecurity.com's new "Eye on" series examines a security topic each month. In March, the series explores the role PCI DSS has played in shaping the security industry. Article | 06 Apr 2011
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology, one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons. Tip
-
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials. Tip
-
Using standardized enterprise security practices to secure and defend your network
PCI DSS, HIPAA, ISO and other enterprise compliance guidelines offer a foundation to build repeatable information security processes and procedures. Marcos Christodonte II explains how. Tip
-
Analysis: PCI Tokenization Guidelines offer clarity, but questions remain
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear. Tip
-
PCI virtualization SIG analysis: Guidance for the cardholder data environment
The PCI virtualization SIG guidance is in. Get analysis and advice on virtualization in the cardholder data environment from expert Diana Kelley. Tip
-
PCI DSS questions answered: Solutions to tough PCI problems
Experts Diana Kelley and Ed Moyle answer your PCI DSS questions and give advice on how to solve your enterprise's toughest PCI problems. Tip
-
PCI requirement 7: PCI compliance policy for access control procedures
Though PCI DSS is generally prescriptive, when it comes to requirement 7, organizations have more leeway -- and, thus, more potential for error -- than other sections of the standard. Learn how to handle PCI DSS requirement 7 in this expert tip. Tip
-
PCI encryption requirements: Limiting PCI scope with P2P encryption
P2P encryption, or encryption of data in transit, has long been a point of confusion for PCI DSS-bound merchants. In this tip, expert Ed Moyle explains the PCI SSC's recent guidance on P2P encryption. Tip
-
PCI 2.0: Changes aren't drastic, but don't address card brand autonomy
In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain. Tip
-
PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process. Tip
-
Is maintaining PCI compliance in the enterprise actually possible?
Charles Denyer addresses the ongoing struggle enterprises face in maintaining PCI compliance, weighing practicality with security necessity. Answer
-
Cloud computing providers and PCI virtualization requirements
How should an enterprise approach its cloud computing providers following the debut of the PCI virtualization requirements? Charles Denyer explains. Answer
-
Can the VMware PCI Compliance Checker assess my compliance posture?
The VMware PCI Compliance Checker claims to assess the compliance of a VMware virtual environment. Does it work? Charles Denyer has the answer. Answer
-
PCI Requirement 12.8.2: When is client compliance necessary?
Expert Charles Denyer addresses whether the PCI 12.8.2 requirement forces an organization working with a payment card merchant to become compliant. Answer
-
Cloud computing PCI compliance: Is it possible?
Is enterprise cloud computing PCI compliance possible? Expert Charles Denyer discusses how to use cloud computing and be PCI DSS-compliant. Answer
-
The cost of an audit: Choosing a competent PCI DSS QSA
Choosing the least expensive PCI DSS QSA for your PCI audit might seem like common sense, but not all auditors know what they're doing. In this expert response, Ernie Hayden describes what to look for in a competent QSA. Ask the Expert
-
Credit card data storage: Virtual terminal protocol for PCI compliance
Are merchants who use virtual terminals and payment gateways and do not store credit card data subject to PCI DSS requirements? Learn more in this expert response from Ernie Hayden. Ask the Expert
-
Is a PCI DSS report on compliance confidential?
Learn about the confidentiality of a PCI report on compliance, and of a compliance audit report in general, in this expert response from Ernie Hayden. Ask the Expert
-
How to reduce PCI DSS security scope for an audit
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security scope. Ask the Expert
-
PCI DSS questions: Should full credit card numbers be on a receipt?
Are merchants that fall under PCI DSS allowed to print full credit card numbers on a receipt? Learn more in this response from security management expert David Mortman. Ask the Expert
-
Qualified Security Assessor (QSA)
A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Word
-
Report on Compliance (ROC)
A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit. In general, a Level 1 merchant is one who processes over 6 million Visa transactions in a year. Word
-
PCI DSS (Payment Card Industry Data Security Standard)
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal info... Word
-
PCI tokenization: Credit card security policy guidance
Experts Diana Kelley and Ed Moyle discuss the PCI guidelines on tokenization, and how the technology could aid your enterprise. Video
-
PCI encryption, virtualization standards: Interpreting PCI guidelines
Get expert advice on understanding the PCI encryption requirements and virtualization guidance in this video. Video
-
Ramon Krikken on tokenization vs. encryption, PCI tokenization
The Gartner IT1 research director discusses tokenization vs. encryption, PCI tokenization to reduce audit scope and lagging tokenization standards. Video
-
PCI analysis: Wade Baker on Verizon PCI report findings
In this video, Verizon's Director of Risk Wade Baker explains the company's PCI report and what it has to say about the state of the standard. Video
-
PCI DSS Compliance: Debating the benefits, unintended consequences Part 1
Is PCI DSS effective? Are there unintended consequences? Mike Dahn, head of PCI Compliance at Verizon, and Joshua Corman, director of security research at the 451 Group, discuss how PCI DSS has changed the security landscape. Video
-
PCI DSS Compliance: Debating the benefits, unintended consequences Part 2
Can critics of PCI DSS get along with proponents of the standard? Gene Kim of Tripwire Inc. and Martin McKeay of Verizon explain what can be learned by studying the effects of PCI DSS compliance. Video
-
Raising the bar on compliance success
By now, most enterprises have established baselines for reporting on foundational IT controls. They've also leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" ... Video
-
PCI DSS 1.1: Strategies for compliance
In this video, Diana Kelley and Ed Moyle of consultancy SecurityCurve discuss the changes that have taken place during the first two years PCI DSS has been in effect, and look forward to potential future changes. Video
-
Re-evaluating QSA training
Recently, the PCI QSA training process has come under scrutiny over the quality of individual PCI assessors. In part two of this interview, Bob Russo, General Manager of the PCI Security Standards Council, sheds light on changes to the training proce... Video
-
The future of PCI DSS
Bob Russo, General Manager of the PCI Security Standards Council, discusses upcoming changes to the PCI DSS, including what new changes might be mandated, and when they might go into effect. Video
About PCI Data Security Standard
Get inside the Payment Card Industry Data Security Standard (PCI DSS) and learn how to get compliant with information on requirements, standards, audits, fines and what's new in version 1.2.