On today’s Datanauts podcast we assess the current state of the PCI-DSS (Payment Card Industry Data Security Standard) compliance standard and its impact on your infrastructure and security operations. Our guest is Paul Snyder, an IT Risk Consultant for a large insurance agency.
In part 1 we walk through the basics of PCI, including the organizations behind it, which organizations are subject to the standard (anyone that processes credit card transactions), and the various assessment levels, from a do-it-yourself checklist to a visit from your friendly neighborhood QSA (Qualified Security Assessor).
Part 2 examines the scope of PCI in terms of the data its protecting and which systems fall under assessment. We also discuss the differences between compliance and security–they aren’t the same thing.
Part 3 offers advice on how to survive an assessment, the documentation you’ll need to provide, what to know about assessors, and how to work with QSAs to maximize a positive outcome (don’t lie, don’t try to play games).
State Of The SOC – Paul Snyder’s Blog