How to learn PCI standards and become QSA
From: "Scott Race" <srace () jdaarch com>
Date: Mon, 2 Jun 2008 10:24:50 -0700
I have a new client who accepts credit cards, both online and at her
small office/store. She holds credit card #'s in an unsecured .mdb
database, and from my initial network audit she has a ton of other
security related issues I need to address (weak passwords, firewall,
encryption, physical access issues).
Since she will need to become PCI compliant, a qualified QSA must scan
her network (which I am not). I have begun studying the materials I
have downloaded off the Security Council website (Security Audit
procedures, self-assessment questionnaires).
It appears all I need to do is to fill out an application and give them
$500 yearly to become a QSA? Is there any training anyone can
recommend? I have a strong background in network security, and I'm able
to at least understand the basics of the requirements (though it seems
there is room for interpretation). Currently I am just studying the
requirements and applying them to what I already know.
Thanks in advance, hope my question makes sense. Basically I want to
learn this stuff the correct way and make sure I am addressing