Our organization has not historically stored credit card information. However, a division of our organization wants to store credit card information. We want to do a full assessment/workshop to determine what this means for us as an organization. ...
Colleenw | 5/11/2013 6:25:27 AM | COMMENTS(1)
|
This week I have read about the creation of the EMV Migration Forum to promote the adoption of EMV in the USA (mainly)...
With everybody using EMV, fraud should be more difficult, so... will PCI-DSS remain necessary?
http://www.smartcardalliance.org/pages/activi...
|
I must admit that, as an ex-QSA, I do not know how you feel when you fail a PCI audit... I was reflecting on it after reading this article (http://www.darkreading.com/security/news/240004877/10-ways-to-fail-a-pci-audit.html)...
What is your experience?...
|
If an internal audit reveals a problem, and if the sample size for the audit is calculated based upon a statistical formula, what are the next steps? Key to my question is timing. In the scenario described, assume that issues are found in an internal audi...
rlmoore | 1/31/2013 10:02:46 AM | COMMENTS(3)
|
Dear friends,
I have a question for you. I have worked in IT for 10 years, including 6 years of information security experience. I have passed CCIES, CISA, CISSP, PMP and ITIL Foundation V3. Currently my work is network and PCI and main...
Zujian520 | 11/18/2012 5:16:13 AM | COMMENTS(2)
|
In the present technological landscape, users' expectation is to have every single task executed at their fingertips as a one-click activity. Tablets, mobiles and phablets (phone + tablet) are increasingly gaining popularity, and usage has also grown tremendou...
PramodLNS | 10/25/2012 7:07:06 AM | COMMENTS(0)
|
Books
Posted by ISACA 174 days ago
|
Mobile payments as a financial transaction medium emerged around a decade ago. Adoption was slow due to the nature of the mobile technology supporting the concept. However, recent significant advances on the technology front have made this area one of burgeoning growth in the financial services sector. Services-based and text-based payment and proximity device communications are appearing worldwide. Widespread use of smartphones and consumer comfort with mobile devices for more than communication are the principal drivers of a resurgent and increased interest in mobile payments. In addition, advances in software and hardware security techniques have made trusted financial transactions possible from these devices. This white paper examines the current state and nature of the mobile payments market, some of the relevant enabling technologies, and looks at the relevant risk, security and assurance issues that security and audit professionals will want to consider when developing and evaluating mobile payment services.
|
Posted by ISACA 760 days ago
|
Volume 3, 2013
by Andrew Hay
The PCI Security Standards Council’s Special Interest Group for Cloud released its much-anticipated guidance for securing Software, Platform and Infrastructure as a Service (SaaS, PaaS and IaaS) cloud services.
|
Volume 2, 2013
by Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This article attempts to provide the basics of where to find authoritative, reliable standards and frameworks from which an IT audit can be developed and conducted.
|
Volume 2, 2013
by Ali Alaswad, ITIL, PMPG, PMP
The advent of the Payment Card Industry Data Security Standard (PCI DSS) resulted in many organizations mandating its use.
|
Volume 5, 2012
by Adesanya Ahmed, CRISC, CGEIT, ACMA, ACPA
Today’s business needs demand that applications and data move across physical, international borders as well as the cloud, and are accessible by third parties.
|
Volume 2, 2012
by Steve Markey
This article discusses the genesis of CSIR testing and several testing methodologies and/or exercises with which an organization can assess the maturity of its CSIR plan/program.
|
Volume 1, 2012
by Mathew Nicho, Ph.D., CEH, SAP-SA, RWSP
With more and more transactions based on credit cards, merchants dealing with these are forced to comply with standards such as PCI DSS v2.0 or face huge penalties.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
The PCI Security Standards Council released the PCI DSS Risk Assessment Guidelines Information Supplement. Organizations planning and performing a risk assessment in accordance with PCI DSS Requirement 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
|
The PCI SSC's channel includes some videos with general information.
|
Family-owned Cisero's claims Elavon Inc., its former payments processor, and U.S. Bank, its former acquirer, illegally charged the Park City, Utah, restaurant fees and fines after an alleged card breach. Elavon and U.S. Bank are part of U.S. Bancorp.
Contracts between merchants, acquiring banks and processors are complicated. "The entire system is like a complex labyrinth of rules, contracts, security standards and other processes that most merchants believe is stacked against them," says David Navetta, founding partner of the Information Law Group who has represented merchants in similar situations. "It is a difficult and expensive process."
...
|
Although a bit old (from August 2011), it is a very useful "Information Supplement".
This Information Supplement provides guidance and recommendations for deploying wireless networks including 802.11 Wi-Fi and 802.15 Bluetooth technologies, in accordance with the Payment Card Industry Data Security Standard (PCI DSS). The goal is to help organizations understand and interpret how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and to provide practical methods and concepts for deployment of secure wireless in payment card transaction environments.
This document focuses on 802.11 Wi-Fi and 802.15 Bluetooth technologies, and does not cover cellular networks (GSM, GPRS, etc).
All references made to the PCI DSS in this document refer to PCI DSS version 2.0.
|
How to comply with the global standard without breaking the bank.
Contributed by ISACA on 30 Jun 2010
|
Does your organization treat compliance as a set of check boxes designed to meet the auditors' requirements? If so, you are wasting a lot of time, money and precious IT resources. This white paper is a roadmap for making compliance a painless, efficient, and routine part of your processes.
Contributed by ISACA on 30 Jun 2010
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 1 comments
|
As many of you will know, version 2.0 of the PCI-DSS standard has recently been published, so I thought it might be interesting to share my analysis of the changes (the PCI Council has published a document entitled "Summary of Change...
Posted By : Antonio Ramos | 0 comments
|
Continuing from the previous post, let's discuss the other document released by the PCI Council in early October regarding the applicability of PCI-DSS in EMV environments [pdf]. Given the doubt that could arise about whether in EMV environments we should...
Posted By : Antonio Ramos | 0 comments
|
On 5 October, the PCI Council published a guide called "Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance" (pdf), given the growing importance of this technology (better known as P2PE) and the many interpreta...
Posted By : Antonio Ramos | 0 comments
|