On today’s Datanauts podcast we assess the current state of the PCI-DSS (Payment Card Industry Data Security Standard) compliance standard and its impact on your infrastructure and security operations. Our guest is Paul Snyder, an IT Risk Consultant for a large insurance agency.
In part 1 we walk through the basics of PCI, including the organizations behind it, which organizations are subject to the standard (anyone who processes credit card transactions), and the various assessment levels, from a do-it-yourself checklist to a visit from your friendly neighborhood QSA (Qualified Security Assessor).
Part 2 examines the scope of PCI in terms of the data it protects and which systems fall under assessment. We also discuss the differences between compliance and security: they aren't the same thing.
Part 3 offers advice on how to survive an assessment, the documentation you’ll need to provide, what to know about assessors, and how to work with QSAs to maximize a positive outcome (don’t lie, don’t try to play games).
Show Links:
PCI Security Standards Council: Document Library
PCI Security Standards Council: Self Assessment Questionnaire
PCI Security Council: Understanding SAQs (PDF)
Paul Snyder on Twitter
State Of The SOC – Paul Snyder’s Blog
Paul Snyder on LinkedIn