Security Basics mailing list archives
How to learn PCI standards and become QSA
From: "Scott Race" <srace () jdaarch com>
Date: Mon, 2 Jun 2008 10:24:50 -0700
Hello,

I have a new client who accepts credit cards, both online and at her small office/store. She holds credit card #'s in an unsecured .mdb database, and from my initial network audit she has a ton of other security-related issues I need to address (weak passwords, firewall, encryption, physical access issues).

Since she will need to become PCI compliant, a qualified QSA must scan her network (which I am not). I have begun studying the materials I have downloaded off the Security Council website (Security Audit procedures, self-assessment questionnaires). It appears all I need to do is to fill out an application and give them $500 yearly to become a QSA? Is there any training anyone can recommend?

I have a strong background in network security, and I'm able to at least understand the basics of the requirements (though it seems there is room for interpretation). Currently I am just studying the requirements and applying them to what I already know.

Thanks in advance, hope my question makes sense. Basically I want to learn this stuff the correct way and make sure I am addressing everything.

~Scott