I've been researching PCI Data Security Standard this year and as you know I have a webinar coming up this week sponsored by GFI on "Exploiting Log Management and Vulnerability Scanning to Comply with PCI DSS". PCI is one of the most focused, specific and actionable security standards documents I've ever seen.
It's very interesting to note that while there are 12 requirements, they differ widely in how much effort they require for the average organization. While most of the 12 requirements are presented as process oriented, there are several that are mostly a one-time investment of effort with little or no ongoing work involved. Others, such as Requirements 10 and 11 are potentially massive never ending processes. I come from a software development background and as you know I am an Infosec guy today. The chart below gives you my take on the relative effort involved in the 12 different requirements of PCI DSS. The percentages given are based on how much work I think goes into initial implementation and then ongoing process work.
As you can see, monitoring (10) and testing (11) are among the top 4 biggest requirements in PCI based on my view. Take a look and tell me what you think and don't forget to register for the webinar where you will learn much more about PCI and how you can eliminate much of the effort in PCI compliance with log management and vulnerability analysis tools like those from GFI.
By the way, we will be giving away a free copy of Security Log Secrets Interactive Edition to 2 of the attendees! Maybe you'll be the one random number our generator chooses…
Wednesday, June 27, 2007 12:00 PM - 1:00 PM EDT
Register now
Can't make the live event? Register anyway to receive a link to the recorded version
To Unsubscribe from this list please follow this link
http://www.ultimatewindowssecurity.com/absolutenl/user-unsubscribe.aspx?s=11849&l=4
GFI also offers an excellent whitepaper on PCI DSS which makes the whole directive much easier to digest: PCI DSS made easy whitepaper
ReplyDelete