Thread: The State of PCI Compliance

  1. #1
    tonybradley (AO Security for Non-Geeks)
    Join Date: Aug 2002
    Posts: 830

    The State of PCI Compliance

    As Director of Security for Evangelyze Communications, my primary focus is on the security implications of VoIP and unified communications, and on helping our customers to understand the risks and implement effective security controls to protect their unified communications infrastructure. Another aspect of that security, however, is the issue of compliance. Organizations fall under a variety of regulatory mandates and industry guidelines, and those compliance requirements often overlap into monitoring and retaining communications data.

    Organizations need to be familiar with the mandates they are obligated to follow, whether it is SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), PCI DSS (Payment Card Industry Data Security Standard), or others. Some organizations must comply with two or more of these, depending on the industry they are in and the types of business they engage in. To achieve and maintain compliance, organizations need to understand what the requirements are for compliance regarding their communications. As it relates to unified communications, organizations have to grasp the implications of the converged communications channels. With instant messaging conversations archived in Outlook, voicemail messages sent as file attachments via email, and email able to be read over the phone by Microsoft Exchange using Outlook Voice Access, the lines are blurred between the types of communication, and organizations have to be aware of this and put the appropriate controls in place to be compliant.

    PCI Compliance has been a particular focus of mine. I was the lead author and tech editor of PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, published by Syngress in 2007. Dr. Anton Chuvakin and I are co-authoring a 2nd edition of the book, to be published later this year, which will contain updated information related to revisions in the PCI DSS guidelines themselves as well as reflecting new information regarding the various breaches and issues that have occurred over the past couple of years. It will also have more real-world case studies and how-to guidance to provide more actionable material for the reader, rather than just a theoretical description of the PCI DSS guidelines.

    This week I was the guest on a podcast recorded for BankInfoSecurity.com titled 'The State of PCI Compliance'. You can listen to the streaming audio by clicking here.


    Last edited by nihil; March 19th, 2009 at 11:51 AM. Reason: Link removed
