Topic: [Article]-PCI DSS 2.0 Fun Facts (Read 9060 times)
don (Editor-In-Chief, Administrator), posted January 01, 2011, 02:10:13 AM
PCI DSS 2.0 is sure to have an impact on 2011, so why not throw out some highlights to get you going. Thanks again to Dr. Chuvakin for his second contribution to EH-Net and hopefully not the last.

Permanent link: [Article]-PCI DSS 2.0 Fun Facts

Quote:
By Dr. Anton Chuvakin @ Security Warrior Consulting

Do not think of PCI DSS 2.0, that came out this October, as “PCI DSS 1.3!”

Instead, think about it as PCI DSS 1.2.2.  Despite the great fanfare, the changes in PCI DSS are small and tactical.  Don’t get me wrong, a lot of very useful clarifications, reminders and explanations have been added to the standards – both PCI DSS and PA-DSS.  However, a lot of media attention has made it sound as if the PCI Council has “changed everything … again,” and that is simply not the case.  Some of the requirements that are frequently seen by merchants as too specific have been made more generic, while some that have received criticism for being too vaporous have been tightened down.

Let’s go through a few of the interesting changes in PCI DSS and try to predict what the impact would be in the coming year of 2011 as PCI DSS 2.0 is put into practice.


Read the full article using the permanent link above, then please leave your feedback below.

Don

PS - The publication date and time for this article is 2011-01-01 01:01:11. All for you Anton!!
« Last Edit: January 01, 2011, 02:15:34 AM by don »

CISSP, MCSE, CSTA, Security+ SME
Andrew Waite, Reply #1 on: January 01, 2011, 06:48:49 AM
Nice article Anton.

I'm pleased to see that the standard is maturing, hopefully in a direction that will (at a minimum) increase the baseline security for organisations that implement the requirement rather than just pay it lip service and pray.

Especially like the clarifications around both internal scanning and I[D/P]S usage, I think it should make it easier for both admins and security teams to justify some of their activities and requests to those less technical higher up.

Finally, I'm glad that I'm not the only one that didn't think 2.0 was that large a convergence from its predecessor, though I must be missing something.

hayabusa, Reply #2 on: January 01, 2011, 09:39:03 AM
Dr. Chuvakin, thanks for a good read.  Pointing out the changes in PCI DSS, and highlighting some of the key points are always helpful when bringing this information to customers, so it's always good when we can point them to a reference, such as this article, even if only to begin conversations.

I'm pleased with the increased definition of VM technologies, and separating the functionality across multiple VM's.  That definitely makes it easier to define roles of said systems, and tighten them down better, as well as helping to validate security on the same systems, without having to analyze multiple systems, per VM (from the customer's perspectives.)  As pentesters, we love to have multiple avenues to pursue, but in recommending remediation steps to customers, it gives us greater ability to justify ourselves.  And that is a welcome change within the specs.

Also, as Andrew noted, it's nice to see more clarity on the IDS/IPS side, for many of the same reasons.

@Andrew - I agree, I hadn't noticed THAT much change, and was hoping the same, that I wasn't somehow missing something really, glaringly obvious.  Glad to see that isn't the case.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCP , GPEN, C|EH
© 2012 The Ethical Hacker Network