InfoSec Insider

Unusual Questions About PCI DSS



In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) with URM, answer the niche and unusual questions they encounter around the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:

  • The strangest misconceptions they have heard about PCI DSS and cardholder data security
  • What PCI DSS would look like if it were invented today, and what would be left out entirely
  • The simple PCI DSS controls that people routinely misunderstand
  • The most unusual systems or devices they have seen brought into scope
  • Whether something can be both technically compliant and completely insecure at the same time, and whether there is such a thing as ‘too compliant’
  • Finer technical details of the Standard, such as Kubernetes network policies, how to evidence a control that never triggers, corporate VPNs that impact segmentation, and more.
  • Ask Alastair and Tibor a question.

    If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here:  https://ratethispodcast.com/infosecinsider        

    You can find more episodes of InfoSec Insider here:  https://urmconsulting.com/podcasts        

    Connect with us on LinkedIn   

     

    Brought to you by URM, the UK’s leading information and cyber security specialists.   


    InfoSec Insider, by URM Consulting