PCI Data Security Standard
Article
(27)
-
PCI tokenization may be a token effort
Tokenization can help to secure credit card transactions, but merchants want standards and guarantees it will ease PCI assessments before they adopt the technology.
-
PCI SSC Council to beef up assessor training
The Payment Card Industry Security Standards Council will change the way it trains assessors, to ensure better oversight of PCI DSS testing.
-
PCI DSS implementation: how to get it right!
PCI DSS is not easy to adopt, so we have three lessons about how to get your implementation right.
-
PCI virtualization SIG hopes for progress at meeting
The PCI Virtualization Special Interest Group is meeting this week and hopes it can advance the way PCI addresses virtualization. But don't hold your breath for actual guidance, as we learn in this interview with Richard Rees, security solution director at SunGard Availability Services and member of the Virtualization SIG.
-
Forrester explains log management under PCI DSS
Forrester Research Senior Analyst John Kindervag explains what's required to effectively manage log files under the PCI DSS standard.
-
MasterCard ups PCI compliance requirements for some merchants
MasterCard will insist that some merchants hire external PCI DSS auditors.
-
19 questions - and answers - to common PCI DSS problems
Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle answers 19 common questions about the standard and how to make it work for your organisation.
-
What's coming in PCI DSS' virtualisation regulations
The PCI Data Security Standard has little to say about virtualization – for now. Michael Cobb explores which best practices are likely to appear in the council's upcoming clarification document.
-
PCI Council releases new compliance tool
A new PCI compliance tool walks companies through the compliance process by meeting six milestones set by weighing risk and threat factors.
-
PCI DSS 1.2 for the finance sector
The recent update of the PCI DSS standard will require new actions for anyone in the financial services industry. We explain the new steps needed to remain compliant in this piece.
-
Why PCI DSS needs to go virtual
The PCI DSS standard lacks controls for virtualised environments and experts worry this erodes its effectiveness.
-
Why has VMware joined the PCI DSS council?
In a move seemingly aimed at placating virtualisation-loving retailers, VMware has joined the PCI DSS Council.
-
What's new in PCI DSS 1.2
Qualified security assessor Ed Moyle reviews the impact of PCI DSS 1.2 on your organisation.
-
PCI DSS update clarifies wireless and antivirus issue
A looming revision to PCI DSS, due in October, includes guidelines about protecting WLANs and use of antivirus software.
-
PCI DSS reference library
Looking for help with PCI DSS? We've rounded up our best articles on the subject to help you comply with this important standard.
-
The realities of PCI DSS 6.6 application code reviews
The application code review requirement in the new PCI DSS standard can seem laughable, but it is actually not horribly hard to implement in your applications.
-
PCI council to launch assessor quality assurance program
The PCI Council has a new plan to help merchants.
-
PCI DSS compliance: Web application firewall or code review?
Experts weigh the options for complying with the application security regulation of the PCI Data Security Standard - code review or Web application firewall.
-
PCI portal aims compliance guidance at smaller organisations
A new portal plans to make PCI compliance easier for small organisations.
-
VIDEO: PCI group addresses assessor issues, vendor challenges
David Taylor of the PCI Security Vendor Alliance discusses PCI challenges, the new PCI Knowledge Base and how the group can help both vendors and companies.
-
PCI Council issues clarification on Web application security
The PCI Council has issued guidance on how to implement its standards within web applications.
-
New version of PCI DSS coming in September
A new version of the PCI DSS standard is coming later this year.
-
Poor network segmentation biggest threat to PCI compliance
By failing to segment networks, businesses must ensure PCI compliance for all of their infrastructure, which is far harder than making payment systems compliant.
-
Credit card security standard largely ignored
Australian merchants and credit card processors are yet to comply with the payment card industry's Data Security Standard (PCI DSS). And as Patrick Gray writes, it seems the threat of jail time is the only thing that seems to be motivating the laggards.
-
How to apply ISO 27002 to PCI DSS compliance
Learn how ISO 27002 can not only help you comply with PCI DSS, but also provide more structure to an overall enterprise compliance program.
-
PCI DSS Council adding new standard for payment applications
The Payment Card Industry Security Standards Council is adding a new provision to the PCI Data Security Standard (PCI DSS), based on some of Visa's standards.
-
PCI council formed; revised standard includes app security requirement
American Express, Discover, JCB, MasterCard and Visa have created an independent PCI standards council. Their first act was to release version 1.1 of the PCI security standard.
Tips
(6)
-
Applying PCI DSS to Web application security
Diana Kelley reviews the PCI DSS sub-requirements for Web applications, and explains how you can apply these requirements to your security systems.
-
Guide to passing PCI's five toughest requirements
Learn how to successfully implement the five Payment Card Industry (PCI) DSS requirements that have been continuously stumping security professionals.
-
PCI Pain: Is it time for an overhaul?
Mike Rothman discusses which portions of PCI DSS have been impossible for merchants to master, and offers tips on how to make these areas less painful.
-
Compliance benefits of tokenisation
If your organization handles credit card data, then it's probably already heard about the benefits of tokenisation. However, as Joel Dubin explains, tokenisation not only keeps confidential data out of the hands of malicious hackers, but also offers a less expensive strategy for achieving PCI compliance.
-
What is the harm in removing a credit card's RFID chip?
If you're concerned that a credit card's RFID chip is putting your personal data at risk, why not just drill the darn thing out? Not so fast, says Joel Dubin. In this SearchSecurity.com Q&A, the identity management and access control expert explains some other options.
-
Use SHA to encrypt sensitive data
Complying with the PCI Data Security Standard is now at the forefront of many security practitioners' minds. Learn how using the Secure Hashing Algorithm can help you encrypt sensitive data and help you meet the PCI Data Security Standard requirements.
© 2010 TechTarget ANZ. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this website constitutes acceptance of the TechTarget ANZ Terms and Conditions and Privacy Policy.