Home page logo

basics logo Security Basics mailing list archives

How to learn PCI standards and become QSA
From: "Scott Race" <srace () jdaarch com>
Date: Mon, 2 Jun 2008 10:24:50 -0700

I have a new client who accepts credit cards, both online and at her
small office/store.  She holds credit cards #'s an unsecured .mdb
database, and from my initial network audit she has a ton of other
security related issues I need to address (weak passwords, firewall,
encryption, physical access issues).

Since she will need to become PCI complaint, a qualified QSA must scan
her network (which I am not).  I have began studying the materials I
have downloaded off the Security Council website (Security Audit
procedures, self-assessment questionnaires).  

It appears all I need to do is to fill out an application and give them
$500 yearly to become a QSA?  Is there any training you anyone can
recommend?  I have a strong background in network security, and I'm able
to at least understand the basics of the requirements (though it seems
there is room for interpretation).  Currently I am just studying the
requirements and applying them to what I already know.  

Thanks in advance, hope my question makes sense.  Basically I want to
learn this stuff the correct way and make sure I am addressing


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]