Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PCI - encryption requirements

from [Laurin Buchanan] Network Security [Permanent Link]
Subject: PCI - encryption requirements
Date: Tue, 18 Oct 2005 17:29:23 -0400 
Greetings, all,

A question has arisen and, like all the other posts here, I hope someone
might be able to assist me.  :>)

In the new PCI Data Security Standard for credit cards, the documentation
indicates a requirement for "strong encryption such as Triple-DES 128-Bit or
AES 256-bit", but no additional information seems to be provided.  My
explanations about strong encryption meaning strong algorithm (no
significant know weaknesses), long key length and appropriate key management
schemes are not going far.  I believe they want to see it in black and white
for themselves, as I have received a request to locate a definitive
"approved" list and/or a "not approved" list of algorithms for what
constitutes strong encryption - does anyone know of such a list published by
Visa or Mastercard??

Thanks in advance,

Laurin Buchanan, CISSP
Information Security 
MSC Industrial Direct
v: 516.812.1358




This e-mail is intended for the use of the addressee(s) only and may contain
privileged, confidential, or proprietary information that is exempt from
disclosure under law. If you are not the intended recipient, please do not
read, copy, use or disclose the contents of this communication to others.
Please notify the sender that you have received this e-mail in error by
replying to the e-mail. Please then delete the e-mail and destroy any copies
of it. Thank you.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Top Information Security Management Challenges in the Enterprise Today?, Josh Tolley
Next by Date:  Re: Top Information Security Management Challenges in the Enterprise Today?, Samir Pawaskar
Previous by Thread:  Top Information Security Management Challenges in the Enterprise Today?, Brad Bemis
Next by Thread:  RE: PCI - encryption requirements, dave kleiman
Indexes:  [Date] [Thread] [Top] [All Lists]