Security Management Strategies for the CIO
Email Alerts
-
A PCI compliance network testing checklist to limit PCI DSS scope
Network security pros may not realize it, but they may inadvertently be on the hook regarding PCI DSS compliance if card data is inadvertently spread across the network. Ed Moyle discusses how this happens and how to make sure the network falls out o... Tip
-
PCI Council to address secure coding, key management in PCI DSS 2.0
The PCI Security Standards Council issued a high-level summary document reflecting nine proposed changes to the standard. Article
-
Assessment success: PCI DSS standards and secure data storage
PCI DSS standards for secure data storage are specific and detailed, but there are two key steps that can significantly reduce the pain of an assessment. PCI DSS expert Anton Chuvakin explains. Tip
-
Quiz: How to pass a PCI assessment
How much have you learned about the PCI assessment process? Test your knowledge in this short quiz. Quiz
-
Visa: Banks shouldn't force merchants to store full card data
Visa clarifies its rules and says acquirers and issuers must accept truncated numbers for dispute resolution. Article
-
Raising the bar on compliance success
By now, most enterprises have established baselines for reporting on foundational IT controls. They've also leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" ... Video
-
PCI DSS 1.1: Strategies for compliance
In this video, Diana Kelley and Ed Moyle of consultancy SecurityCurve discuss the changes that have taken place during the first two years PCI DSS has been in effect, and look forward to potential future changes. Video
-
Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain
Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit cre... Interview
-
NuBridges update enables simultaneous data center tokenization
The software update helps enterprises coordinate the issuing of tokens among multiple data centers, and apply the technology to PII and PHI. Article
-
Qualified Security Assessor (QSA)
A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Definition