Recently, Tripwire had the pleasure of hosting Tim Masey, AAA’s Director of Information Security, who presented a webinar discussing his company’s long journey towards PCI compliance.
During the webcast, listeners showed great interest in how to apply Masey’s successful approach to their current business needs. The majority of listeners stated their organization complies with at least two to four regulations, with PCI DSS 3.0 playing a primary role in their security efforts.
Although PCI DSS 3.0 does not go into full effect until next year, Masey advises security professionals to get started now. Here is a list of some useful resources that can help you learn more about how to better prepare for this change:
This infographic outlines the changes in PCI DSS 3.0, including clarifications from PCI DSS 2.0 and many new or enhanced requirements.
The first of our compliance webcast series shares insights on the notable requirements and provides practical suggestions on what to start considering now, in order to successfully navigate audit preparations for v3.0. Jeff Hall, Security Consultant at FishNet Security, discusses how the new PCI will impact your organization and how to better understand the changes.
In the second episode of our webcast series, Adrian Sanabria, 451 Research Analyst and former QSA, discusses the QSA’s point of view on the future implementation of PCI DSS 3.0. Sanabria also highlights how PCI 3.0 may affect your organization’s Report on Compliance and the qualities of a good QSA.
If you missed the last of our webcast series, you can listen in on Tim Masey’s advice on how to move your PCI efforts from a small tactical implementation to a key critical component of your security posture. Masey discusses how to use your compliance efforts to gain more resources—financial, technical and human. Most importantly, Masey shares his approach to getting management’s support for stronger security.
This blog post by Branden Williams summarizes the v3.0 changes, including his thoughts on the positive changes and those that will be trickier to implement.
This report offers a global perspective on the state of PCI compliance, analyzing the trends and developments across the various industries and regions. Based on the research and data gathered, the report offers five key approaches for organizations to improve their PCI program and comply more effectively.
This in-depth market research study conducted by Ponemon Institute reveals how organizations are applying rigorous and systematic analytical techniques to quantify and evaluate the security risks that impact an organization’s information assets and IT infrastructure. The report is available to download for free.
Tripwire provides solution information on how to reduce the cost of PCI compliance, in order to take full advantage of the benefits that come with the implementation, including operation of a more secure network, protection of corporate brand and reputation, and reduced risk of data breaches and network attacks.
The Open Scoping Framework Group created this “toolkit” to facilitate the interpretation of the PCI guidelines for participating organizations. The toolkit provides a set of principles, a structured thinking process and tools to generate defensible and consistent scoping conclusions.
The PCI Security Standards Council provides a library of downloadable documents, including ROC reporting templates, a glossary of terms and AOCs for merchants and service providers.
What other resources have you found helpful to better understand the new regulations? Share your resources by commenting below.