Payment Card Security & IT Controls Explained

Entries from May 2007

New format – New Feature

May 16, 2007 · Leave a Comment

As the hundreds of non-RSS readers know, a few days ago I switched the theme of this site to a simpler and easier-to-read layout. So, if you were tired of the dark fonts and murky background, please come by and let me know your feedback. I will still focus on PCI DSS, of course, but will be continuing to expand the topics covered on this site to include global IT control regulations. What does that mean? Well, any standard, whether U.S., EU, or anywhere else, will be given some room. I will attempt to not merely repeat the obvious when news breaks, but instead focus on posting intelligent perspectives on the changes around the world.

Another change to the site is the “NEWS Feed” on the right-hand side of this site. Please check it out, and feel free to subscribe to it as an RSS feed too. The NEWS Feed is my filter on what is important around the globe on the above topics. I sort through literally hundreds of posts, news items, client emails, and service provider information in an attempt to clear out the noise.

It is a new year (my fiscal year clearly does not follow the Dec 31 date), and the plan for this site is simple: keep posting helpful information whenever possible, and don’t simply post to post. On a personal note, I will update the Press Release page and About page soon, and I look forward to everyone’s comments and suggestions.

Always,

James DeLuccia IV

Categories: CoBIT · Compliance · FERC · GLBA · IT Controls · ITIL · NERC · PCI DSS · ROI · Risk Management · Sarbanes-Oxley · Security · State Laws · regulations · sox

PCI Codified into Texas law (nearly)

May 11, 2007 · 4 Comments


The Texas House of Representatives is in the process of enacting House Bill 3222, which will codify the Payment Card Industry Data Security Standard into law. Specifically, the law provides safe harbor to those companies that are compliant with PCI DSS, and places liability for card re-issuing fees on those who are not compliant. This has much more momentum than the Mass. bill, and has tremendous support.

This is a trend that should be expected to domino across the country, as breaches due to another party’s lack of controls continue to impact businesses in other regions.

Direct link to voting status of HB 3222

Direct link to the full text of the Engrossed Version (html version)

UPDATE: ’Tis true, passed with absolute certainty. Shall we begin the countdown till the rest of the country catches on?

I guess the saying is true – you shouldn’t mess with Texas.

Best,

James DeLuccia

**Further discussion of this topic by other great bloggers may be found at Michael’s site and Merchant Blog.

Categories: Compliance · IT Controls · PCI DSS · Security · State Laws · regulations

PCI Feedback Forum Announced!

May 10, 2007 · Leave a Comment

Today the Payment Card Industry Security Standards Council announced a forum that will allow for feedback and debate (in a collaborative manner) between the council members and those that handle the audits. While this is meant for those that conduct the audits, this is a prime opportunity for merchants and processors to put questions, challenges, and suggestions to their auditors. So, work up those questions and get them to your auditor (and of course make sure they are going to the conference)!

“The PCI Security Standards Council (PCI SSC), an independent industry standards body providing management of the Payment Card Industry Data Security Standard (DSS) on a global basis, today announced that it has implemented formal channels for stakeholders to contribute to the organization and development of data security standards.

As part of its commitment to collaboration, the council announced it will be holding a community meeting in Toronto, Canada on September 17-19th. The three day meeting will give participating organizations and PCI SSC approved Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) the chance to interface with Council executives and committee members and to hear perspectives from representatives from across the payment chain on their direct experience in the field.”

Link to official Press Release

James

Categories: Compliance · PCI DSS · Security · regulations