“Security and not just compliance” – As industry security specialists we should accept that we have lost sight of the importance of information security and have started focusing on compliance alone, compromising security because of cost, a shortage of technical expertise and slow adoption of new technologies.
Five key steps to select a Qualified Security Assessor (QSA)
Thirdly, if your existing vendor guarantees that you will be compliant within 6 to 8 months and commits to a fixed date, be cautious about that person or company immediately. If you select them and a breach happens, you are the one who will be held responsible for the breach, and the damage will be to your company’s reputation and market share.
- The ability to think logically and analyse complex problems
- Decisive, creative and flexible
- A problem solver, not a problem creator
- Trustworthy and reliable
- Able to communicate with other stakeholders in the organisation, and with project management skills
- An intense interest in keeping up to date with new developments in technology
PCI DSS Requirement 3 details technical guidelines for protecting stored cardholder data. Banks, merchants and service providers should develop a data retention and storage policy that strictly limits the amount of data stored and its retention time to what is required for business, legal and regulatory purposes. Sensitive authentication data (full track data, card verification codes, PINs and PIN blocks) must not be stored after authorization, even if it is encrypted.
Stage 2- Reduction in Scope
Stage 3- Gap Assessment and Implementation
Stage 4- Perform Wireless Scan/Vulnerability Assessment and Penetration Testing (Internal and External – Both Network and Application Layer)
Stage 5- Validation of PCI-Compliance
Stage 6- On-going Compliance Supervision and Staying Compliant