
Managed Video as a Service

The place to learn about and discuss Managed Video as a Service

I was flying my boat to the moon the other night, when John Glenn asked me to review the list of PCI requirements still to be completed (or remediated, in PCI argot). The list … shows we haven’t started … almost 270 items to go … it’s all blank … oh no … beep-beep-beep and my alarm clock wakes me up. Yet another PCI nightmare is over. The good news, however, is that we are done with this process and now technically have passed our PCI-DSS audit. Woo-hoo!

What were the pitfalls we encountered? Verisign has a nice list of the top PCI audit failures. The areas where companies most commonly fail are generally what you might expect: failure to protect stored data, failure to test security systems and processes, failure to assign users a unique ID to access a system, failure to install a strong firewall configuration, etc.

However, there are a couple of areas in the top 10 that are pretty frightening to discover still exist in 2008, such as failure to change default system passwords and failure to restrict physical access to cardholder data.

How did Envysion do against the averages?

I’ll share that tomorrow.


2 Responses to This Post

cynthia said, July 15th, 2008 at 1:35 pm

Your nightmare scared me! Way to go on achieving compliance.

James Sweet said, July 15th, 2008 at 1:43 pm

I can't believe after all we've done and been through that you're still having PCI nightmares. That really sucks.
