Do QSA’s Understand PCI?

March 19, 2009 — 3 Comments

I guess that title should say “Can anyone clarify PCI?” or “Can we get some PCI consistency please?. I find myself in discussion day after day on topics around PCI.

What is required for web app test? Is it authenticated? Is it just a scan? Is it just my external environment? Is it only my card holder systems?

I know the council is trying to do their best with outlining the standards but there still is a serious lack of consistency across QSA’s and organizations. I found this so frustrating that I developed the cartoon below to represent my opinion.

pci-compliance

Basically Mr. CEO here is not meeting PCI compliance and his QSA’s are all telling him something different. Even better is the new standards and enforcement that all the QSA’s themselves are trying to understand? Will any big enterprise be able to make compliance?

Security Survey Polls Added

March 19, 2009 — Leave a comment

The polls are open!

While visiting this site please check out the new IS Management page and contribute to the voting polls.

https://infosecalways.com/is-management-polls/

If you would like to see new or different polls added let me know.

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

InfoSecAlways.com

Information Security Always by Jason Bevis

Day: March 19, 2009

Do QSA’s Understand PCI?

Security Survey Polls Added