Gartner Blog Network

Tag: 'pci-dss' Blog Posts

from the Gartner Blog Network

Best Practices in PCI DSS 3.1 are now required

by Jonathan Care  |  August 13, 2015

PCI DSS 3.1 became effective April 15, 2015, and impacted organizations were given some "Best Practices", with a clear indicator that on July 1st, 2015 these would become required. So...

Finally, PCI DSS In The Cloud Guidance

by Anton Chuvakin  |  February 12, 2013

As all of you already know, PCI Council has finally released an official “Information Supplement: PCI DSS Cloud Computing Guidelines” [PDF] aka “PCI DSS in the cloud.” Here are some...

The Politics of Encryption in PCI DSS (part 2)

by Ramon Krikken  |  April 17, 2012

In my last post, commenter Randall Gamby notes that "of course [tokenization is encryption]." I wholeheartedly agree. But unfortunately the current PCI guidance does not, and cannot support this...

Restarting the Discussion: Tokenization is Encryption (part 1)

by Ramon Krikken  |  April 11, 2012

It's been a while since I blogged about tokenization. My last post on the subject drew some interesting comments - and conflicting comments at that: one commenter argued equating tokenization...

Card Processor Breaches - Can You Really Fix a Broken Business Process?

by Ramon Krikken  |  March 30, 2012

Although we have little information available at the moment about the latest credit card processor breach (source: Krebs on Security), it is a good opportunity to continue the conversation on...

On PCI DSS and Scanning

by Anton Chuvakin  |  December 16, 2011

PCI DSS and vulnerability scanning are maybe not brothers, but definitely close relatives. PCI DSS mandates that scanning actually happens on schedule, while vulnerability assessment helps find the holes that...

My First Gartner Research Piece Published!!!

by Anton Chuvakin  |  November 16, 2011

It is with great pleasure that I announce my first published Gartner research piece. Ladies and gentlemen, please welcome “Maintaining PCI Compliance: Assess the Impact of Changes in Business, Technology,...

I'll go ahead and say it: Tokenization IS Encryption

by Ramon Krikken  |  October 14, 2011

Yesterday at RSA EU 2011 I had a chance to present my "towards secure tokenization algorithms and architecture" talk, and it gave me an opportunity to validate some thoughts on...

PCI Report 2011 and PCI Community Meeting 2011

by Anton Chuvakin  |  October 11, 2011

Everybody who has any relation to PCI DSS and payment data security has probably already read the “2011 PCI Compliance Report” report. You have not?! Well, you have a fine...

On PCI DSS Tokens

by Anton Chuvakin  |  September 9, 2011

Welcome, Gartner Blog Network readers! This is my first post here after joining Gartner on August 1, 2011. As a matter of quick introduction, I am now part of SRMS...
