Home page logo
/

basics logo Security Basics mailing list archives

RE: How to learn PCI standards and become QSA
From: "Rui Pereira (WCG)" <wavefront1 () shaw ca>
Date: Mon, 02 Jun 2008 12:09:03 -0700

Since your client appears to be quite small, why not just have her outsource
her credit-card processing and avoid the PCI DSS trap altogether?

Thank You
 
Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA,CWNA
Principal Consultant
WaveFront Consulting Group
 
wavefront1 () shaw ca | www.wavefrontcg.com | 1 604 961 0701
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Scott Race
Sent: June 2, 2008 10:25 AM
To: security-basics () securityfocus com
Subject: How to learn PCI standards and become QSA

Hello,
I have a new client who accepts credit cards, both online and at her
small office/store.  She holds credit cards #'s an unsecured .mdb
database, and from my initial network audit she has a ton of other
security related issues I need to address (weak passwords, firewall,
encryption, physical access issues).

Since she will need to become PCI complaint, a qualified QSA must scan
her network (which I am not).  I have began studying the materials I
have downloaded off the Security Council website (Security Audit
procedures, self-assessment questionnaires).  

It appears all I need to do is to fill out an application and give them
$500 yearly to become a QSA?  Is there any training you anyone can
recommend?  I have a strong background in network security, and I'm able
to at least understand the basics of the requirements (though it seems
there is room for interpretation).  Currently I am just studying the
requirements and applying them to what I already know.  

Thanks in advance, hope my question makes sense.  Basically I want to
learn this stuff the correct way and make sure I am addressing
everything.


~Scott


No virus found in this incoming message.
Checked by AVG. 
Version: 7.5.524 / Virus Database: 269.24.4/1478 - Release Date: 02/06/2008
7:12 AM
 

No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.524 / Virus Database: 269.24.4/1478 - Release Date: 02/06/2008
7:12 AM
 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]