
Security Basics mailing list archives
Re: PCI compliance questions
From: sfmailsbm () gmail com
Date: 24 Apr 2009 06:30:46 -0000
Hi there,

(a) Start by downloading the PCI DSS standard: https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html

(b) Go through it; it explains what information should be protected and describes in detail the requirements expected from you

(c) Hire a PCI DSS QSA (Qualified Security Assessor); he will perform a gap analysis at your site, help you set up an action plan and guide you to the long and painful road to compliance

(d) Check with your vendors (MasterCard, VISA, etc.) for deadlines applicable to your organisation

(e) Before doing all this, involve your management in it; they must be the owner & sponsor of the implementation (you will need a budget to implement some of the PCI requirements)

Hope this helps

Good luck!!