A bit about the primary author of the site:
James DeLuccia IV has focused on risk management (insurance & business) and IT Security with an almost absolute focus on IT Controls (the merging of risk management and IT Security). I believe in transparency when it comes to meeting regulations and therefore have dedicated this simple site to communicating and clarifying what I can on the Payment Industry’s data security standard (lovingly known as PCI DSS). I will try to differentiate opinions from fact when possible. I am also in the process of developing a sister site to tackle the global crisis of international regulations and controls – a subject I have also addressed in a book that will be on the shelves in January of 2008.
My current projects focus on global regulation: Compliance-Control challenges faced by organizations and achieving operational / organization efficiency and compliance. Broadly this involves five continents, 31 nations, nearly 40 legal mandates, and an equal number of guidance articles. Specifically, I work with organizations to merge compliance concerns, such as PCI DSS v1.2, AS5, HIPAA, domestic state and international privacy/breach laws, and EU Safe Harbor requirements.
In addition, I have been fortunate to be a featured speaker at the most recent Association of Certified Fraud Examiners annual conference, the Institute of Internal Auditors Risk and Control Conference, ISACA, ISSA, RSA, RSA Europe, and for the Payment Industry’s recent seminar series.
I have sat through and passed the VISA certification exam and am currently a QDSP, CIA, CISA, CISM, CPISA, CPISM, CISSP, and hold an MBA in Finance.
This site is an open discussion – please add your experiences so we may all grow together. Of course, my writings and the associated comments are the sole opinion of the author and do not reflect any employer or regulatory opinion.
Best regards,
James DeLuccia IV
This work is licensed under a Creative Commons License.














James,
I’m the online editor for http://www.complianceexecutive.com, a site being launched in January. It will focus on governance, risk, compliance, and data integrity. One section I’m looking to include is a ‘Blog Spot’. This isn’t for our own site, but instead it’s a showcase for other blogs discussing issues relating to Compliance Executive.
Each week I was hoping to feature a different blog, including the most recent/pertinent comment, and a link to the blog, with a bit more info about the content, purpose, etc.
I was therefore hoping to establish whether you would be happy for me to use your blog for this purpose.
I appreciate you’ll want more info, but if you are interested please feel free to email me and I will do my best to answer any questions you may have.
Thanks for your time and I look forward to hearing from you.
Kind regards,
Jon
Hello,
I am the engagement manager at PwC for the PCI emerging technology research project that was publicly announced yesterday. Please contact me directly so that we can collaborate. We want to listen to the industry. Look forward to hearing from you.
Best regards,
Nathan
My name is Michael Sasaki and we (OuterJoin, Inc.) are the new owner of The Compliance Authority (www.thecomplianceauthority.com). Our goal with The Compliance Authority is to offer highly visible areas of our leading compliance website as a marketing tool for compliance service providers and vendors, who are experts in compliance and want to write compliance articles, blog posts, press releases, and white papers for The Compliance Authority. Additionally, The Compliance Authority is an expert in hosting compliance webinars, which takes the stress away from the company presenting and allows them to focus strictly on their presentation.
We have partnered with LeadForce1, which allows us to pass on to you qualified leads that have read your articles, blog posts, press releases, white papers and attended your webinars. The leads that we pass on to you have full contact information (company name, individual name, phone number, email address, how long they spent on a specific article, etc.). I am interested in working with you in any way you think is beneficial. The Compliance Authority will prove to be extremely beneficial to you from a marketing and lead generation standpoint. Please feel free to contact me and we can discuss further.
Best regards,
Michael Sasaki
The Compliance Authority
http://www.thecomplianceauthority.com
mike.sasaki@thecomplianceauthority.com
Really nice blog James.
Bookmarked and will revisit
Hi,
I was hoping you might have links / resources on how to map the critical controls to the pci requirements.
Do you have any idea on where I should go for that info?
Any help you can give would be appreciated.
Thanks,
Sarah