PCI Q&A Session with Retailers

del.icio.us

James Deluccia IV (Compliance Expert and Author of upcoming book on IT Controls) and I hosted an online seminar focusing on PCI Compliance last week. Bill Bartow moderated the session; Stephanie Weagle did an excellent job of managing the logistics. We had over one hundred Level 1 and Level 2 retailers, financial services organization and energy companies attend the session. All the participants were invited to ask us questions surrounding PCI –James and I went through these questions and provided our thoughts on how to address them. For an on-demand recording of the session, please check out: So you think you're compliant

Here are the top few popular questions (in no particular order):

What are the key data protection technology investments we should make to keep credit card data safe?
Should we be concerned with internal threat or external threat?
What exactly are the retention and encryption requirements for data at rest and data in transit?
What are the challenges around encryption projects and what are the compensating controls for encryption?
How do we address PCI 10 Audit Trail requirement? Are log scraping tools or SIM solutions adequate for this?
What are the expectations when it comes to securing the audit trail?
How should we discover and inventory where the credit card data is stored?
What type of reports should we generate and how should we manage the workflow with assessors and auditors?

If you have additional questions or comments, please email me below or at prat@tizor.com

Posted by Prat Moghe on Mon, Dec 10, 2007 @ 12:16 PM

Subscribe By Email

Browse by Tag

Keepers

Links of Interest

Blogroll

PCI Q&A Session with Retailers

COMMENTS