Security Basics mailing list archives
RE: How to learn PCI standards and become QSA
From: "Rui Pereira (WCG)" <wavefront1 () shaw ca>
Date: Mon, 02 Jun 2008 12:09:03 -0700
Since your client appears to be quite small, why not just have her outsource her credit-card processing and avoid the PCI DSS trap altogether? Thank You Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA,CWNA Principal Consultant WaveFront Consulting Group wavefront1 () shaw ca | www.wavefrontcg.com | 1 604 961 0701 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Scott Race Sent: June 2, 2008 10:25 AM To: security-basics () securityfocus com Subject: How to learn PCI standards and become QSA Hello, I have a new client who accepts credit cards, both online and at her small office/store. She holds credit cards #'s an unsecured .mdb database, and from my initial network audit she has a ton of other security related issues I need to address (weak passwords, firewall, encryption, physical access issues). Since she will need to become PCI complaint, a qualified QSA must scan her network (which I am not). I have began studying the materials I have downloaded off the Security Council website (Security Audit procedures, self-assessment questionnaires). It appears all I need to do is to fill out an application and give them $500 yearly to become a QSA? Is there any training you anyone can recommend? I have a strong background in network security, and I'm able to at least understand the basics of the requirements (though it seems there is room for interpretation). Currently I am just studying the requirements and applying them to what I already know. Thanks in advance, hope my question makes sense. Basically I want to learn this stuff the correct way and make sure I am addressing everything. ~Scott No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.24.4/1478 - Release Date: 02/06/2008 7:12 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.24.4/1478 - Release Date: 02/06/2008 7:12 AM
Current thread:
- How to learn PCI standards and become QSA Scott Race (Jun 02)
- RE: How to learn PCI standards and become QSA Rui Pereira (WCG) (Jun 02)
- Re: How to learn PCI standards and become QSA J. Lion (Jun 02)
- Re: How to learn PCI standards and become QSA Jason (Jun 03)
- <Possible follow-ups>
- Re: How to learn PCI standards and become QSA lucianobmb (Jun 02)
- RE: How to learn PCI standards and become QSA Rui Pereira (WCG) (Jun 02)