PCI-Compliance.Org releases new website

PCI-Compliance.Org, the parent site of this blog, has just published a newly redesigned website. The new site contains a multitude of compliance-related resources. Some of these new and expanded resources include:

  • Publications—A listing of books and articles related to compliance

  • Documentation—A listing of official PCI related resources from the SSC

  • News—Contains links to current PCI related news stories and press releases

  • Calendar—Contains a listing of upcoming PCI/security related events

Follow this link to view the PCI-Compliance.Org website.

PCI SSC Releases additional information on the upcoming Data Security Standard (DSS) version 1.2.

The PCI SSC has released three documents with additional information on the upcoming Data Security Standard (DSS) version 1.2. The first is a press release, “PCI SECURITY STANDARDS COUNCIL ISSUES SUMMARY OF CHANGES TO NEXT VERSION OF PCI DATA SECURITY STANDARD.” The second is a summary of the changes included in version 1.2 of the DSS. The third is a list of frequently asked questions related to the new DSS.

Press Release: PCI SECURITY STANDARDS COUNCIL ISSUES SUMMARY OF CHANGES TO NEXT VERSION OF PCI DATA SECURITY STANDARD

Summary of Changes: A summary of changes included in version 1.2 of the DSS.

Frequently Asked Questions: PCI DSS v. 1.2 Summary of Changes Frequently Asked Questions

A Perfect Fit - Understanding the Interrelationship of the PCI Standards

The PCI Security Standards Council today (8/18/2008) announced that it is offering a complimentary educational webinar, “A Perfect Fit - Understanding the Interrelationship of the PCI Standards.”

This webinar will be held on Thursday, August 21, 2008 at 9:00 a.m. EDT, with a second session the same day at 7:30 p.m. EDT.

This one-hour webinar is designed for any entity that processes, stores or transmits cardholder data.

The webinar will address how each of the standards fits into the larger picture of data security. Participants will learn:

  • How the PCI DSS, PA-DSS and PED Security Requirements interrelate;
  • Why merchants should know about PA-DSS and PED;
  • Why incorporating PCI standards is your best approach to protecting cardholder data;
  • Using PCI standards as a model for data security. 

Follow this link to register for the Thursday, September 4, 2008 session at 9:00 a.m. EDT. 

Follow this link to register for the Thursday, September 4, 2008 session at 7:30 p.m. EDT. 

The morning webinar will be recorded and available for download for those who cannot attend either session. 

Data security: What the law requires of IT

In an article published today, 8/18/2008, Thomas J. Smedinghoff explores the legal side of data security. Smedinghoff examines the complexity of the data security landscape and writes that “There is no single statute or regulation that governs all of your company’s information security obligations. Instead, an ever-expanding patchwork of legal requirements is continuously evolving to impose a comprehensive duty to provide ‘reasonable’ or ‘appropriate’ security to protect your corporate data.”

Read the full article

The Legal Implications of a Data Breach and Information on Building an Optimal Breach Response Plan

The International Association of Privacy Professionals (IAPP) recently announced the availability of a complimentary webinar.

The webinar, “The Legal Implications of a Data Breach and Information on Building an Optimal Breach Response Plan,” reviews the legal implications of a data breach and breach notification laws, and discusses lessons learned and key considerations in building a data breach preparation plan.

The speakers for this presentation are Lisa Sotto, a partner at Hunton & Williams, and Kevin McCaslin, Director of Privacy & Security with Tenet Healthcare.

Register for this webinar

Retailers with dedicated PCI staff have best data protection records

Internet Retailer has published an interesting article on staffing and PCI compliance, titled “Retailers with dedicated PCI staff have best data protection records.”

The article outlines recent research that identifies “Retailers and other organizations that have dedicated compliance managers or program offices for the Payment Card Industry Data Security Standard . . . have better data security track records than other retailers . . .”

The article contains some interesting statistics on the characteristics of companies that have been defined as best-in-class.

The full article is available at the Internet Retailer website.

James M. Barrow
CISM, CISA, CISSP, CIPP

With PCI Scope is Everything

A new article has been posted titled “With PCI Scope is Everything.” The article provides the reader with practical advice on how to reduce the cost and complexity of conducting a PCI assessment.

Reducing the scope of your assessment reduces the complexity of the overall compliance effort as well as the costs associated with the assessment.

To read the complete article follow the link to “With PCI Scope is Everything.”

Ten Common Myths of PCI DSS

The Payment Card Industry Security Standards Council has published a document titled “Ten Common Myths of PCI DSS.” The document was published to educate the merchant community about common misconceptions concerning the Data Security Standard (DSS).

This document states: “The PCI Security Standards Council presents ten common myths about PCI DSS to help your business optimize protection of cardholder data and ensure compliance with the standard.”   

To read the complete document please follow the link Ten Common Myths of PCI DSS.


Developing Effective Policies for Compliance

A new article has been posted on how to develop policies effectively to meet the requirements of compliance programs. Although the information is written to assist with general policy development, it is targeted at those validating compliance with PCI. The information provided should assist merchants with PCI DSS Requirement 12 (Maintain a policy that addresses information security).

To read the full article, please follow the link: policy-development.pdf


MasterCard Worldwide Expands PCI Merchant Education Program

On July 9, 2008, MasterCard Worldwide announced the availability of three new seminars designed to help merchants protect payment card data and reduce reputational risk and the incidence of fraud. The new seminars are:

  • Data Encryption: Understanding Encryption and PCI DSS
  • Network Segmentation
  • Maximize Internal Preparations for PCI DSS 

Joshua Peirez, Chief Payment System Integrity Officer, MasterCard Worldwide, stated: “Merchant education is critical to ensuring the integrity of payment data, and MasterCard is committed to facilitating and encouraging broader adoption of the PCI standards.” The addition of these three seminars brings the MasterCard seminar offerings to a total of twelve. The seminars are available at www.webcasts.com/mastercardpci, and all of them are offered free of charge. The other webinar sessions, in addition to the three above, are:

  • An Introduction to the PCI Security Standards Council
  • A Detailed Look at the PCI DSS Requirements
  • A Merchant’s Journey Toward Compliance
  • Understanding Account Data Compromise
  • Preparing for a Successful PCI Assessment, Lessons from the Field
  • Reducing Your Risk: A Look into PCI Vulnerability Scanning
  • Security and the Payments System
  • Compliance Validation and Beyond
  • A Look into the New Self Assessment Questionnaire 

Beyond these seminars, MasterCard offers a variety of other educational resources related to its security initiatives. More information on these resources can be found at the MasterCard Security Site.
