Cell phones have become ubiquitous in recent times. Everyone has one. Using the cell phone as an authentication factor is not only a convenient way of raising assurance levels for logins; it can also be a significant cost saving compared with traditional methods. (continue reading…)
The PCI Ninja is just like you, except he is a PCI SSC QSA and a CISSP. And he
has a ninja outfit. Other than that, he’s just a regular guy trying to help you get
business done without PCI interfering. (continue reading…)
Reducing PCI Scope for the Enterprise Merchant
By definition, the scope of a cardholder data environment for a PCI assessment is “any system that stores, processes and/or transmits cardholder data.” Securing cardholder data for many companies is daunting. But with a few simple steps the scope of the cardholder data environment can be reduced, which can result in less time and money lost attempting to secure the entire enterprise network. In many instances enterprise merchants have a difficult time securing their entire cardholder data environment in the time allowed by their acquirer. If a merchant can reduce the size of the cardholder data environment by segmenting away a smaller section of the overall enterprise environment, it will provide an avenue for them to become compliant more efficiently.
(continue reading…)
Part 1 – Encryption
Properly meeting the encryption-related requirements of the PCI DSS can be one of the most challenging areas for many organizations. We will be reviewing specific challenging encryption requirements and breaking them down to help clarify what is really intended by each requirement and some possible approaches to meeting it. (continue reading…)
Undergoing a PCI assessment can be a painful process. By taking steps to ensure your
organization is properly prepared, you can minimize the level of effort necessary
to complete your assessment.
(continue reading…)
The use of a centralized log server has often been highlighted in many of today’s security best practices. The constant need to collect, retain and protect these sensitive security event log files sometimes overwhelms security and systems administrators, especially in large corporate environments. When properly configured, security event logs are used to track user activity and access on specific systems or objects, and are a key element when trying to piece together the chain of events leading to a security incident. Many security administrators know how cumbersome it is to manage such security event log files, and sometimes seek third-party vendors to help them manage their security log files. The truth is that many of these problems can be solved using native features of your server operating system.
(continue reading…)
The PCI Data Security Standard (DSS) has just undergone a refresh. The PCI Security Standards Council released version 1.2 of the DSS on October 1, 2008. The new version must be used by all organizations that begin a new PCI assessment after October 1st. If your organization is currently undergoing an assessment, you have until December 31, 2008 to complete it using the previous 1.1 version of the standard.
(continue reading…)
When developing an application for the enterprise, product managers have long known the “must have” features that customers demand. Output to Crystal Reports? Check. Support for IIS? Check. MSI agent installer? Check.
(continue reading…)
Companies that have already had to contend with the security regulations of Visa’s CISP, MasterCard’s SDP, American Express’ DSOP and Discover’s DISC, before they were bundled together as PCI DSS, may have witnessed widespread rolling of the eyes among managers at the unveiling of Payment Application Best Practices (PABP). Just what they need: another spoonful of alphabet soup to further complicate their lives. (continue reading…)