Entries Categorized as 'PCI DSS'
by Anton Chuvakin | February 12, 2013 | 9 Comments
As all of you already know, the PCI Council has finally released an official “Information Supplement: PCI DSS Cloud Computing Guidelines” [PDF] aka “PCI DSS in the cloud.” Here are some of my favorite quotes from the 52-page [sadly, a bit woolly] mammoth of a document: “The allocation of responsibility between client and provider for [...]
Category: cloud compliance PCI DSS Tags: cloud security, compliance, PCI, PCI compliance, PCI DSS
by Anton Chuvakin | December 16, 2011 | 2 Comments
PCI DSS and vulnerability scanning are maybe not brothers, but definitely close relatives. PCI DSS mandates that scanning actually happens on schedule, while vulnerability assessment helps find the holes that attackers may exploit to steal the card data. So, this post is a reminder about the topic in general as well as about the fact [...]
Category: PCI DSS security vulnerability management Tags: PCI compliance, PCI DSS, vulnerability assessment, vulnerability management
by Anton Chuvakin | November 16, 2011 | Comments Off
It is with great pleasure that I announce my first published Gartner research piece. Ladies and gentlemen, please welcome “Maintaining PCI Compliance: Assess the Impact of Changes in Business, Technology, and PCI DSS”! It can be found in all its 47-page glory at http://www.gartner.com/resId=1849414 (subscription to Gartner IT1 required). The abstract follows below: “Merchants [...]
Category: announcement PCI DSS security Tags: PCI, PCI compliance, PCI DSS
by Anton Chuvakin | October 11, 2011 | 4 Comments
Everybody who has any relation to PCI DSS and payment data security has probably already read the “2011 PCI Compliance Report.” You have not?! Well, you have a fine choice then: enjoy my highlights below AND THEN go read the full report; or just go and read the report now. One of my favorite [...]
Category: compliance PCI DSS security Tags: PCI compliance, PCI DSS
by Anton Chuvakin | September 14, 2011 | 2 Comments
Here is an interesting piece of research just published by another member of the SRMS team, Mario Boer: “Comparing Endpoint Encryption Technologies.” The document “provides an overview of the various technologies available for endpoint encryption and their strengths and weaknesses, thus enabling security architects to revalidate their architecture.” I am highlighting it here due to its [...]
Category: encryption PCI DSS security SRMS Tags: encryption, SRMS
by Anton Chuvakin | September 9, 2011 | 2 Comments
Welcome, Gartner Blog Network readers! This is my first post here after joining Gartner on August 1, 2011. As a matter of quick introduction, I am now part of the SRMS Burton IT1 team, focusing on PCI DSS compliance, vulnerability management, SIEM/log management, security metrics and other fun areas within broader information security. In fact, PCI [...]
Category: PCI DSS security Tags: information security, infosec, PCI, PCI compliance, PCI DSS, tokenization