ARC Thoughts

This is a blog on architecture. The focus of this blog is to help technical decision makers with upcoming technologies so they can make informed decisions. Since I'm passionate about the retail and payments industries, there will be some bias towards those areas.
Microsoft PCI 07 Conference

PCI DSS deadlines are looming right around the corner. Retailers in general are rushing to achieve compliance just in time to avoid any penalties. This shows the importance and criticality of PCI in retail. It has become a huge business and security issue for retailers. To help retailers, retail solution developers, and assessors in this process, Microsoft has put together its first PCI conference. It is in Redmond next week. You can learn more about it by visiting the official site.

Posted: Thursday, August 30, 2007 3:23 PM by mmoin

Comments

Danny Lieberman said:

I surfed over to the MSFT PCI 07 home page.

Excuse me? It's about compliance and remote infrastructure???

"Microsoft remote infrastructure solutions can help ease the path to compliance with PCI and the ever-increasing number of proposed and passed state mandates on data security"

The PCI DSS 1.1 requirements are a confusing and non-prioritized list of controls. Some are sensible things like modifying vendor provided passwords alongside of some very archaic things like using anti-virus to mitigate "threats".

This can result in a PCI auditor taking advantage of a merchant and overstocking them with security technology and professional services. We've seen this happen more than once.

An intelligent manager/business-owner will want to put her thinking cap on and tell the IT security people to "Show me the money"

PCI DSS 1.1 is about improving payment card security - IT infrastructure is probably the worst possible place to start.

We've had great success with Level 2-4 merchants (over 8 million world wide) using PTA - Practical Threat Analysis. PTA has over 7,000 users world-wide and a rapidly growing and enthusiastic user community. The PTA PCI DSS 1.1 tool is available as a free download here at the Control Policy group web site -

http://www.controlpolicy.com/pcidss1%2C1selfassessmentsmadeeasy

If you have any questions please feel free to contact me by email (dannyl at software dot co dot il) or phone 1 301 851 7122

Enjoy

Danny

# October 18, 2007 8:52 AM