Archive for the ‘Compliance’ Category
PCI DSS Ambiguities and How to Overcome Them
In a video over at the SearchSecurity site, Ed talks about the:
questions that pose the greatest challenge to enterprises as they struggle to interpret the requirements; outlines recent and upcoming clarifications from the PCI Security Standards Council; and discusses strategies used in the field to reduce the complexity.
Does “one function per server” mean that we can’t use virtualization?
Must our penetration testing and/or quarterly scanning cover everything or just the cardholder environment?
If we miss one of our quarterly scans, does that mean we need to wait a full year to be compliant?
The requirements state individuals with a “legitimate business need” can view PANs. What does that mean?
PCI Compliance Summit
BrightTalk is hosting a day-long PCI Compliance Summit on October 27th. Looks like they’ve put together a really solid agenda.
Diana will be presenting “Software Security for Compliance, PCI, and Beyond” at 10 a.m. Eastern. Please listen in if you have time!
PCI requirement 6 and sub-requirement 6.6 have caused confusion among retailers and merchants trying to understand how best to secure Web-facing applications. In this session, Diana Kelley explains web-application security, PCI requirement 6 and 6.6, and the PA-DSS and why creating secure code is essential to protecting assets. She provides an explanation of how security can be woven throughout the software development lifecycle and explains some of the most common web application security vulnerabilities.
SOX Compliance in InfoSecMag
Neil Roiter interviewed Ed for the October issue:
“Larger companies have been built to have audits going on frequently. They are complex, so they have compliance programs,” says Ed Moyle, a manager with CTG’s information security solutions practice and partner at SecurityCurve. “That’s where the bigger costs come in. Smaller companies have been focused on growing revenue, not focused on a compliance program, and it’s very costly to retrofit.”