Cisco Blogs


Cisco Blog > Cisco Interaction Network

PCI Compliance Made Simple

September 22, 2011 at 10:16 am PST

ID Please?

Many have argued that the PCI DSS, Payment Card Industry Data Security Standard is too complex to be realistic in a real-world environment. Cisco takes the opposite stance maintaining that the principles and security standards contained within the documentation should actually be considered a minimum. The true challenge being not in the implementation but in the ongoing management -- the maintenance if you will.

This show promises to layout a simplified view of the standard with real-world, practical advice where anyone can find exactly how they would apply their unique situation. We have pulled out all the stops with our story-telling and top notch guests as we have members of the standards board, networking experts and certifies QSA auditors joining us.

PCI. It’s not just for Breakfast

It’s amazing how many networks fall into the “compliance required” category.  For PCI it only takes one credit card transaction to be at risk…but rather than focus on the negativity of the required audit – this topic and the maturity of the standard is actually good for ANYONE interested in protecting their data.  You may have the typically binary response as to whether this show applies to you…but I think you need to give it a go.  You may be surprised….the show and the Shownotes are after the jump.

Read More »

Tags: , , , , , , ,

When Are You Adding a CVO to Mahogany Row?

What’s a CVO?  A Chief Video Officer. A senior officer in your bank who is responsible for developing your video strategy, executing on that strategy and measuring and reporting its results. Read More »

Tags: , , , , , , , , , ,

Keeping Your Cards Close to the Vest?

While there is a world of difference between a deck of 52 and a deck of credit cards, it is still wise to hold those payment cards close to the vest. A solid part of protecting those cards from prying eyes is ensuring your insurance firm is compliant with the Payment Card Industry’s Data Security Standard.

Is PCI compliance important to insurers?  Every carrier CTO and CIO I have asked has said , “Yes, it is…and we are working on it now.” I’d venture to say, as with all compliance and risk management it is not a one-and-done effort, as regular reviews are required.

Today, April 14, 2011, Cisco announced its newest work in the area of helping companies across all industries comply with the PCI DSS 2.0 guidelines. And since the PCI DSS guidelines apply to all companies—including insurance—that transmit, process or store credit card transactions and cardholder information, I’ve recorded a video in which I discuss the PCI DSS standard and its applicability to insurance.

Cisco is at the table with its customers when it comes to enabling PCI compliance and is an active member of the Payment Card Industry Securities Standard Council’s Board of Advisors. We completed a new Cisco Design and Implementation Guide that includes 30+ Cisco and technology partner products that have been examined by an auditor.

Technologies involved in the assessment include core routing, switching and wireless, plus collaboration and physical security technologies.

Partners involved with this solution include VCE, HyTrust, RSA, EMC and Verizon Business who is the auditor.

Make sure you don’t show your cards….your credit cards…..at all times.

Tags: , , , , , , , ,

What does it take to be PCI Compliant ?

Many people wonder what it takes to be PCI compliant. More importantly, people want to know the difference between PCI, FISMA, DIACAP and STIG. With so much alphabet soup, one has to wonder what it all means, and what is the best way to navigate these waters.

I’m not here to provide you with all the answers, but I can certainly help you to understand where PCI fits into the picture.

Read More »

Tags: , , , , ,

Does PCI DSS compliance improve your security effectiveness ?

I was reading an article recently about what auditors really think about the security and compliance requirements that they test for when doing a PCI DSS compliance audit. I was more than a little surprised to read that over 60% of the 505 auditors in the study referenced said the organizations they audit don’t believe compliance improves their data security effectiveness. I’m a bit perplexed by that. After all, there are only 12 requirements in the PCS DSS specification, and they seem pretty straightforward and simple to me. Read More »

Tags: , , , , , ,