PCI DSS compliance

Real Experience … zone.sd will keep your money safe … Real Benefits.

No one tells our story better than our training participants themselves. Here’s what Norma had to say…

How does this training benefit you and your company?

The instructor-led training provided a background in PCI and gave me a better understanding of the various requirements. This helps me daily – in writing policies, standards, and guidelines to make our company’s network more secure.

What was the highlight of your training experience?

The personal instruction and lively classroom dynamic with the ability to learn from others’ questions. The instructor was knowledgeable and shared interesting stories from his professional experience that would be pertinent for me – and the class – on our PCI journey. Through this classroom experience, I gained insights as to what the 12 requirements mean and how best to apply them to my situation.

What aspects of the training are you most likely to use in your job?

I was happy to be able to apply the knowledge gained in my training immediately. As part of completing our SAQ-D, I am involved in coordinating a network re-design plan to segregate sensitive data per the applicable PCI DSS requirements, so I would say the section on requirement 1 and network segmentation was most useful for me.

Did you learn anything that surprised you?

I was amazed to learn the simple things a company can do to prevent a breach – covering the top three reasons a breach occurs was an eye-opener.

Would you recommend this training to others?

Absolutely yes! I appreciated getting PCI training directly from the experts that actually created the standards – and learning from instructors who have been QSAs and have tons of in-depth experience to share.

How Does This Affect You?

This requirement has received the most attention, since it requires that assessments be performed annually at a minimum. More importantly, it requires assessments to be redone any time there is a significant change to your applications. If you are not currently performing assessments on a regular basis, this requirement may increase the number of assessments you need to perform. In today’s agile coding environment, changes are frequent and assessments should be performed just as regularly.

Recommended Activity

Establish a security program that performs assessments each time there are major changes in applications. The best practice is to perform continuous monitoring.

Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

How Does This Affect You?

As a response to many of the recent network layer vulnerability exploitations, PCI DSS has implemented changes that make applications using SSL and early versions of TLS no longer PCI compliant. Your web applications should not accept SSL or older versions of TLS. Also, it is not sufficient to just support newer versions of TLS; you also have to disallow older versions in order to remain compliant.
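As an added example of the check this paragraph calls for (this code is not from the page, the training provider or the PCI Security Standards Council), the following Python audits nginx-style `ssl_protocols` directives for SSL or early TLS still being offered alongside TLS 1.2, and builds a client `ssl.SSLContext` whose floor is TLS 1.2. The sample config lines are constructed; treating TLS 1.1 as disallowed is an assumption, a stricter policy choice than the page states.

```python
import ssl

# Protocol tokens, as nginx spells them, that the PCI DSS change above rules out:
# every SSL version plus early TLS. TLS 1.1 is included as an assumption (a stricter
# policy choice than the page states), not as a PCI requirement quoted from the page.
DISALLOWED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample configs. The weak one is the failure mode the text warns
# about: TLS 1.2 is supported, but the older versions were never disallowed.
WEAK_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # still accepts SSL and early TLS
}
"""

HARDENED_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""


def audit_ssl_protocols(config_text):
    """Return the disallowed protocol names enabled by any `ssl_protocols`
    directive in an nginx-style config (an empty list means none were found)."""
    found = []
    for raw_line in config_text.splitlines():
        # Strip trailing comments, then consider only protocol directives.
        line = raw_line.split("#", 1)[0].strip()
        if not line.startswith("ssl_protocols"):
            continue
        protocols = line.rstrip(";").split()[1:]
        for proto in protocols:
            if proto in DISALLOWED_PROTOCOLS and proto not in found:
                found.append(proto)
    return found


def hardened_client_context():
    """Build a client SSLContext whose floor is TLS 1.2, so it refuses to
    negotiate SSL or early TLS with any server it connects to."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_compliant(ctx):
    """True when the context cannot negotiate anything below TLS 1.2."""
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_ssl_protocols(cfg) or "no disallowed protocols")
    print("client context compliant:", context_is_compliant(hardened_client_context()))
```

Run against the weak sample, the audit reports `SSLv3`, `TLSv1` and `TLSv1.1` even though TLS 1.2 is also listed, which is exactly the "supports new but never removed old" case the paragraph describes; the hardened sample reports nothing.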

How Does This Affect You?

Historically, compliance with PCI DSS required maintaining a current list of all systems and their components. This requirement now goes further to say that you also need to understand what each component is doing in order to properly define the scope of the environment for implementing PCI DSS controls. In large environments, taking inventory is often labor intensive, time-consuming and complex. To alleviate some of that manual investment, you will want to automate as much of this as possible.

Recommended Activity

We recommend you perform quarterly discovery of environments. PCI doesn’t state that you must do this yourself; you can have a third party assist with this task as long as you are the overall owner and arbiter of the resulting list.

How Does This Affect You?

In prior versions of the standard, you were not required to know and document what party is handling which activities related to the requirements. The updated requirement adds new, time-consuming activities.

…r data. Although those applications were already within the scope of the requirements, the PCI Security Standards Council has clarified and expanded the requirement to state that all classes of vulnerabilities (6.5.1 through 6.5.10) are now within scope. The vulnerabilities at issue are injection flaws, particularly SQL injection and OS command injection. Other vulnerabilities include buffer overflows, insecure cryptographic storage and communications, improper error handling, and cross-site scripting.

Recommended Activity

The recommended activity here is relatively straightforward:
