Synopsis Bio David Sopata: I’m a QSA and I believe that the PCI DSS provides a good
starting point for organizations to help secure their cardholder data (CHD).
I believe that there are other controls within the PCI DSS that can help
prevent some security vulnerabilities that can squeak by bad web application
vulnerability assessments and poorly implemented web application firewalls.
It really does not matter what Gary thinks, because he will never be
compliant. I am a Senior Consultant for the Audit and Compliance group at
SecureState. At SecureState I have both led and participated on dozens of
engagements ranging from audit activities including SAS70 (Yeah, I know SAS70
is dead, get over it! Now SSAE16/AT101/SOC), COBIT general
controls, Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Health Insurance
Portability & Accountability Act (HIPAA), ISO 27001, and Gramm-Leach-Bliley
Act (GLBA) to technical assessments including vulnerability assessments,
war-driving, social engineering, and physical access. Some of my interests
include picking the locks to women’s chastity belts, teaching puddles how to
fly, and striking fear, doom, and despair into the hearts of PCI merchants
and service providers.
Copyright 2020, IronGeek