PCI Onsite Assessment - Part 1
Post 302418593 by Linux Bot on Tuesday 4th of May 2010 11:00:07 PM

Part One - Introduction to a PCI on-site assessment



This is the first chapter in a series about preparing for and going through a PCI assessment:

1.      Part One - Intro to a PCI on-site assessment & the QSA selection process
2.      Part Two - Preparation for an on-site assessment and what to do first!
3.      Part Three - Defining your scope so you know what you're assessing
4.      Part Four - Authoring a PCI On-site Assessment RFP
5.      Part Five - Selecting a QSA to conduct an on-site PCI assessment
6.      Part Six - Preparing your Company and I.T. department for the assessment
7.      Part Seven - Important documents to have to manage your assessment

Introduction: After recently going through the preparations for an on-site PCI assessment and the QSA vetting and selection process (again, for the third time), I figured I would pass on some of my experiences, opinions, tips and useful documentation to others. First, let me say I think I have a completely different perspective than 95% of the other PCI compliance bloggers out there. Second, to my knowledge the vast majority of other bloggers, and more specifically PCI bloggers, are either QSAs or external consultants. I have yet to find any others (and I am sure they exist) that speak to PCI from the merchant's point of view, whether it be from the compliance management or ground-level I.T. security aspects.

When I was first tasked with seeking out a QSA, authoring an RFP, designing a scoring matrix to grade them, etc., I quickly realized (I really knew this already) that this is nothing like trying to figure out which enterprise SIEM solution you want, or selecting a database solution. I would dare to say that selecting a firm for and scoping a SOX audit (speaking from I.T.'s view) is nothing compared to scoping a PCI assessment and selecting a QSA to perform it. I know because I have scoped and led SOX 404 audits as a compliance manager. Also, when going out and searching the web for assistance, I found very little help or resources for merchants that spoke to these subjects, such as the QSA selection process.

Yes, we all know what the requirements are, and the testing procedures, blah blah blah, but when trying to author an RFP, define a deliverables management process and timeline, conduct the QSA selection process and interviews, work out what questions to ask to best gauge their practical experience with PCI and payment systems, and scope the engagement properly, I found very little. Here's a shout out to the PCI Guru for a lot of help I got from him during this process back in the day.
