VISA PCI DSS standard : Good or bad?

Subject: VISA PCI DSS standard : Good or bad?
Date: Wed, 10 May 2006 23:23:56 +0200
Hello all

Have you already faced the VISA PCI DSS standard?

If your IT systems store, manipulate, or send credit card numbers, then as a security professional you need to follow, and make your systems compliant with, what VISA calls the PCI DSS standard. The goal of this standard is to ensure that our customers' credit cards are safe from evil hackers or employees... Great idea!

But for us, this standard has some weaknesses:
- Commercial electronic payment organizations designed an insecure system and now they want us to pay to secure their business!
- Too much focus on system and network security
- Only a quarterly scan with any VISA compliant scanner such as Qualys
- No pentest at the application level is required, and when you consider that as pentesters we almost always succeed in compromising sensitive information such as credit cards through a security bug at the application level, we notice that this is the most important weakness.


Never mind... VISA PCI DSS is here... and we must apply it.

There are some slides from Security Professionals Conference 2006 on this topic that are worth reading: "Two Approaches to PCI DSS Compliance".
Go to http://www.security-briefings.com for details, and don't hesitate to post a comment on this topic.


Regards

Newslist [at] security-briefings.com
