NSS Labs, well known for its security product testing and certification program, recently launched its PCI Suitability service. Merchants--from global giants to small retailers--are faced with difficult buying decisions, as they determine what technologies they need to deploy to comply with PCI-DSS. Smaller companies, in particular, need to evaluate products like intrusion prevention systems and Web application firewalls that might not have gotten serious budget consideration before PCI. In this podcast, NSS' president Rick Moy talks about the information that the PCI Suitability reports provide and how companies can use that information to help them make informed buying decisions.
NSS Labs to focus on PCI technologies:
PCI group addresses assessor issues, vendor challenges: David Taylor of the PCI Security Vendor Alliance discusses the challenges PCI presents, the newly created PCI Knowledge Base, and how the group can help both vendors and companies.
How to apply ISO 27002 to PCI DSS compliance: The Payment Card Industry Data Security Standard may be fairly straightforward, but it's lacking in defining the processes that will ultimately lead to PCI DSS compliance.
Understanding PCI DSS compensating controls: By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations.
Report: Companies still stumped by PCI DSS: A VeriSign review of PCI Data Security Standard (PCI DSS) assessments it conducted found that more than half were still stumbling on the path to compliance.
PCI portal aims compliance guidance at smaller merchants: PCI Knowledge Base aims to build a problem-solving community for merchants that can't afford hefty consulting fees.
Information Security podcasts: Visit SearchSecurity's podcast archive.