Security Management Strategies for the CIO
Email Alerts
-
Technical guide on PCI: Global compliance trends
TechTarget’s Security Media Group presents a global look at PCI, and how it is impacted by today’s evolving business needs. Our technical editors from the U.S., Europe, India and Asia provide their respective regions’ perspective on PCI global compli... E-Book
-
Comprehensive information security programs vital for PCI compliance
This month’s Information Security cover story explores the practical ways you can avoid mishaps by building on the technical specifications of compliance requirements like PCI DSS. Learn to focus your efforts on not only satisfying these compliance m... E-Zine
-
PCI DSS: Next-generation data security, storage and integrity
SearchSecurity.com presents a comprehensive guide to PCI DSS. Our experts cover all the angles in order to help your efforts in meeting compliance with the credit card industry’s data security standard. We have the latest PCI DSS advice and best prac... E-Book
-
Download presentations from Information Security Decisions 2012
At ISD 2012, many of the industry's leading information security experts gathered to share vendor-neutral expertise and proven security strategies. Conference supplement
-
PCI 2.0 guide: How have PCI compliance requirements changed?
In this PCI 2.0 learning guide, you will learn how the PCI compliance requirements have changed, if those changes have improved the standard and how the changes will affect your enterprise's complaince programs and processes. Learning Guide
-
Quiz: How to pass a PCI assessment
How much have you learned about the PCI assessment process? Test your knowledge in this short quiz. Quiz
-
Understanding tokenization amid PCI encryption requirements
This mini learning guide offers a brief introduction to tokenization technology, as well as PCI DSS encryption requirements. Learn more about the future of tokenization and how the technology may help to ease PCI DSS compliance burdens. Learning Guide
-
PCI DSS compliance help: Using frameworks, technology to aid efforts
This mini-guide offers a variety of tips and information on how organizations can use several frameworks, technologies and standards, such as tokenization, ISO 27002, Secure Hashing Algorithm and other existing controls to help manage PCI DSS efforts... Learning Guide
-
Quiz: Developing a risk-based compliance program
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Quiz
-
Quiz: PCI DSS compliance -- Two years later
A five-question multiple-choice quiz to test your understanding of the content presented by expert Diana Kelley in this lesson of SearchSecurity.com's Compliance School. Quiz
-
Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"
Understanding which requirements of the "12 commandments" are the most challenging can keep your organization from wasting time, money and effort on the wrong ideas or technical implementations. In this guide, Craig Norris draws some important PCI c... Learning Guide
-
PCI DSS Requirement 11: Regularly test security systems and processes
Craig Norris explains why internal and external network scans are necessary to complete Requirement 11 of the PCI Data Security Standard, one that frequently baffles security professionals. Learning Guide
-
PCI DSS Requirement 3: Protecting stored data
One of the biggest problems with PCI DSS requirement 3 is that merchants must accurately know where credit card data flows from its inception, where it traverses the network and resides, and what its "state" is along the way. Craig Norris explains ho... Learning Guide
- See more Essential Knowledge on PCI Data Security Standard
-
Echopass achieves PCI Level 1 certification; CISO offers PCI guidance
On the heels of Echopass achieving PCI Level 1 certification, CISO Dennis Empey offers PCI guidance for other cloud providers navigating the process. News | 13 Sep 2013
-
PCI DSS 3.0 preview highlights passwords, providers, payment data flow
The proposed PCI DSS 3.0 standard would emphasize in-house vulnerability assessments, add password flexibility and highlight provider compliance. News | 15 Aug 2013
-
HIPAA Omnibus Rule, PPACA challenge enterprise compliance management
Compliance practitioners say new mandates like the HIPAA Omnibus Rule and Obamacare are making enterprise compliance management even harder. News | 31 May 2013
-
B-Sides: Akamai's Corman calls for new information security focus
At Security B-Sides 2013, Joshua Corman railed against PCI DSS and vendor profit measures, calling for a renewed information security focus on what really matters. News | 26 Feb 2013
-
PCI Council: Risk assessment methodology unique to company environment
The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment. News | 19 Nov 2012
-
PCI Council issues mobile application rules for software developers
Guidelines, aimed at developers and device manufacturers, support the need for more secure development practices for mobile payment acceptance. News | 13 Sep 2012
-
P2P encryption for mobile is not an technology endorsement, says PCI Council
The PCI Council will continue to issue recommendations for mobile payment security, according to Bob Russo, general manager of the PCI SSC. News | 25 May 2012
-
PCI Council urges P2P encryption for mobile payments
A PCI Council guidance document requires merchants to use a validated PIN entry device or secure card reader to accept payments using mobile devices. News | 16 May 2012
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration. News | 02 May 2012
-
PCI assessor and CISO: Work together for the best PCI ROC
In a session at the SOURCE Boston conference, a PCI assessor and a CISO explain that there are ways to arrive at a report on compliance they can both appreciate. News | 19 Apr 2012
- See more News on PCI Data Security Standard
-
PCI e-commerce compliance guidelines for third-party payment processors
Expert Mike Chapple details the PCI SSC's third-party processor rules and how to outsource card processing and stay PCI DSS compliant. Tip
-
Understanding PCI mobile payment processing security guidelines
Mike Chapple discusses the new PCI Mobile Payment Acceptance Security Guidelines and the mobile payment processing implications for merchants. Tip
-
Analysis: Inside the new PCI DSS risk assessment
Mike Chapple outlines the recommendations in the PCI DSS Risk Assessment Guidelines and explains how they can make a compliance program stronger. Tip
-
Overview: New PCI mobile application development guidelines
The PCI SSC recently released mobile application development security guidelines. Mike Chapple outlines the document and highlights key takeaways. Tip
-
PCI validation: Requirements for merchants covered by PCI DSS
Mike Chapple details the PCI validation requirements for merchants covered by PCI DSS. Tip
-
The cost of compliance: Data center server virtualization compliance
Security expert Mike Chapple explores whether the cost of compliance outweighs the benefits afforded by enterprise data center server virtualization. Tip
-
Web application firewalls: Patching, SDLC key for security, compliance
Mike Chapple on improving defense-in-depth security with Web application firewalls (WAFs) and a strong software development lifecycle (SDLC) process. Tip
-
Balancing mobile payment processing and merchant PCI compliance
Merchant PCI compliance is hard enough, but now mobile payment processing adds a new wrinkle. Learn how P2P encryption can help you stay compliant. Tip
-
Visa's PCI compliance policy change: The end of the PCI assessment?
Does Visa's PCI compliance policy change mean the end of the PCI assessment? Mike Chapple discusses what it means for security professionals. Tip
-
Can a PCI Level 2 merchant perform a PCI self-assessment?
Expert Mike Chapple clarifies whether a PCI Level 2 merchant can carry out an annual PCI self-assessment questionnaire. Tip
- See more Tips on PCI Data Security Standard
-
Understanding the PCI DSS prioritized approach to compliance
You can take a phased approach to achieving PCI DSS compliance, but expert Mike Chapple says you aren't compliant until you meet all its requirements. Answer
-
Web application security testing: Is a pen test or code review better?
For Web application security testing, if cash is tight, should a penetration test top an application code review? Michael Cobb explains his choice. Answer
-
PCI DSS compliance: What to do when agents email credit card numbers
Emailing unencrypted credit card numbers is a violation of PCI DSS. Learn how to stop customer service agents from practicing this dangerous act. Answer
-
How to address PCI compliance in the cloud
Expert Mike Chapple offers advice on how to address PCI compliance when moving systems to the public cloud. Answer
-
Criteria for evaluating PCI consultants
PCI consultants can help organizations achieve PCI DSS compliance, but first you must choose the right one. Answer
-
Unencrypted credit card data storage: Why 70% of merchants do it
Mike Chapple offers four possible reasons why some merchants still store unencrypted credit card data after years of PCI DSS compliance requirements. Answer
-
Breaking down PCI SSC's Qualified Integrators and Resellers program
Mike Chapple breaks down PCI SSC's new Qualified Integrators and Resellers (QIR) program, explaining the compliances requirements for merchants. Answer
-
Complying with MasterCard's new PCI Level 2 assessment requirements
Expert Mike Chapple breaks down how Level 2 merchants can comply with MasterCard's new requirement for PCI self-assessments. Answer
-
Four compliance IT management tips to improve employee engagement
Mike Chapple offers four tips for improving employee collaboration and creativity with an enterprise's compliance program. Answer
-
Mobile payment networks: What are the PCI compliance requirements?
Mike Chapple discusses what the PCI compliance requirements might look like for mobile payment networks such as Merchant Customer Exchange (MCX). Answer
- See more Expert Advice on PCI Data Security Standard
-
PCI DSS 12 requirements
PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS). Definition
-
PCI DSS 2.0
PCI DSS 2.0 (Payment Card Industry Data Security Standard Version 2.0) is the second version of the Payment Card Industry Data Security Standard (PCI DSS). Definition
-
PCI DSS User Group
The PCI DSS User Group is a London-based user group for merchants and retailers who must comply with the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS). Definition
-
Qualified Security Assessor (QSA)
A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Definition
-
Report on Compliance (ROC)
A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit. In general, a level 1 merchant is one who processes over 6 million Visa transactions in a year. Definition
-
PCI DSS (Payment Card Industry Data Security Standard )
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal info... Definition
-
PCI SSC's Bob Russo on point-to-point encryption, PCI compliance
Video: The PCI SSC GM discusses tokenization, point-to-point encryption, PCI compliance and plans to approve vendor P2P encryption products. Video
-
Bob Russo on mobile payment security and PCI compliance
Video: The PCI SSC is working on guidance for businesses that want to accept mobile payments and are testing mobile payment applications for PCI compliance. Video
-
PCI compliance guidance fueling technology investments, expert says
Despite no update to PCI DSS until the end of 2013, merchants are busy with compliance initiatives, explains Diana Kelley of SecurityCurve. Video
-
Webcast: Building a data management program for PCI DSS standards
In this special presentation, expert Mike Chapple explores how to build a data management program in support of enterprise PCI DSS compliance. Video
-
Video: PCI liability, HIPAA enforcement rule, breach notification laws
Attorney David Navetta discusses why PCI liability matters to card brands, the effect of the HIPAA enforcement rule and breach notification laws. Video
-
Experts demystify the complexity of PCI compliance in the contact center
In the second part of a two-part podcast, Diana Kelley and Lori Bocklund discuss staffing, process and new technology concerns for PCI DSS compliance in the contact center. Podcast
-
PCI tokenization: Credit card security policy guidance
Experts Diana Kelley and Ed Moyle discuss the PCI guidelines on tokenization, and how the technology could aid your enterprise. Video
-
PCI encryption, virtualization standards: Interpreting PCI guidelines
Get expert advice on understanding the PCI encryption requirements and virtualization guidance in this video. Video
-
Ramon Krikken on tokenization vs. encryption, PCI tokenization
The Gartner IT1 research director discusses tokenization vs. encryption, PCI tokenization to reduce audit scope and lagging tokenization standards. Video
-
PCI analysis: Wade Baker on Verizon PCI report findings
In this video, Verizon's Director of Risk Wade Baker explains the company's PCI report and what it has to say about the state of the standard. Video
- See more Multimedia on PCI Data Security Standard
-
Echopass achieves PCI Level 1 certification; CISO offers PCI guidance
On the heels of Echopass achieving PCI Level 1 certification, CISO Dennis Empey offers PCI guidance for other cloud providers navigating the process. News
-
Understanding the PCI DSS prioritized approach to compliance
You can take a phased approach to achieving PCI DSS compliance, but expert Mike Chapple says you aren't compliant until you meet all its requirements. Answer
-
PCI DSS 3.0 preview highlights passwords, providers, payment data flow
The proposed PCI DSS 3.0 standard would emphasize in-house vulnerability assessments, add password flexibility and highlight provider compliance. News
-
PCI e-commerce compliance guidelines for third-party payment processors
Expert Mike Chapple details the PCI SSC's third-party processor rules and how to outsource card processing and stay PCI DSS compliant. Tip
-
HIPAA Omnibus Rule, PPACA challenge enterprise compliance management
Compliance practitioners say new mandates like the HIPAA Omnibus Rule and Obamacare are making enterprise compliance management even harder. News
-
Web application security testing: Is a pen test or code review better?
For Web application security testing, if cash is tight, should a penetration test top an application code review? Michael Cobb explains his choice. Answer
-
PCI DSS compliance: What to do when agents email credit card numbers
Emailing unencrypted credit card numbers is a violation of PCI DSS. Learn how to stop customer service agents from practicing this dangerous act. Answer
-
How to address PCI compliance in the cloud
Expert Mike Chapple offers advice on how to address PCI compliance when moving systems to the public cloud. Answer
-
Criteria for evaluating PCI consultants
PCI consultants can help organizations achieve PCI DSS compliance, but first you must choose the right one. Answer
-
Unencrypted credit card data storage: Why 70% of merchants do it
Mike Chapple offers four possible reasons why some merchants still store unencrypted credit card data after years of PCI DSS compliance requirements. Answer
- See more All on PCI Data Security Standard
About PCI Data Security Standard
Get inside the Payment Card Industry Data Security Standard (PCI DSS) and learn how to get compliant with information on requirements, standards, audits, fines and what's new in version 1.2.