BreachExchange mailing list archives
Re: OT? PCI Education Steak & Shake
From: "Clint P. Garrison MBA, CISSP, QSA" <garrison.clint () gmail com>
Date: Tue, 8 May 2007 15:42:36 -0500
Actually that is not correct... Visa and AmEx allow Level 1 merchants' internal auditors to perform the PCI assessment, but a company officer has to sign off on it. Mastercard's Level 1 merchants have to have a QSA perform the assessment. If you are referring to the quarterly (external) scans, you would be correct. They have to be done by an ASV.

Clint P. Garrison

On 5/8/07, Kehoe, Matt <Matt.Kehoe () sephora com> wrote:
Having just gone through this, the biggest gotcha is that tier 1 retailers need a "3rd party assessment" which means you can't just execute compliance from within.... PCI standards still leave much to be desired, but it's a good step forward for retailing in general...

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Al Mac
Sent: Tuesday, May 08, 2007 8:48 AM
To: Data Loss Incidents
Subject: [Dataloss] OT? PCI Education Steak & Shake

OT because we have no info on any cyber security incident, but of interest is what is considered to be state-of-the-art when it comes to preventing certain kinds of incidents. Steak & Shake restaurant chain has had to beef up its computer security because a rapid increase in their credit card transaction volume has taken them to more stringent tiers of PCI standards. The article shows us what hoops the chain had to jump through to meet the standards. What we do not see here is a perspective on security rules enforcement to avoid more incidents like TJX. There are also some statements in the article that I would take issue with. They imply stronger security than my understanding of reality.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=291415&source=rss_topic17

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 649 incidents over 7 years.
Current thread:
- OT? PCI Education Steak & Shake Al Mac (May 08)
- Re: OT? PCI Education Steak & Shake Kehoe, Matt (May 08)
- Re: OT? PCI Education Steak & Shake blitz (May 08)
- Re: OT? PCI Education Steak & Shake Clint P. Garrison MBA, CISSP, QSA (May 08)
- Re: OT? PCI Education Steak & Shake DAIL, ANDY (May 09)
- Re: OT? PCI Education Steak & Shake Kehoe, Matt (May 08)