SCWEpisode27

From Security Weekly Wiki

Security and Compliance Weekly Episode #27 - May 05, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Topic - The Rise of PCI - 12:00 PM-12:30 PM


Announcements

  • Join us at InfoSecWorld 2020, June 22nd-24th, now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!

Description

Today we will discuss the PCI DSS and some of its myths, misunderstandings, and misconceptions, including why most vendors don't understand how their products fit within PCI, the six overall goals of the PCI DSS, why PCI is perceived as a check box program, and more!


The six overall goals of the PCI DSS:

  1. Build and maintain a secure network and systems
  2. Protect cardholder data
  3. Maintain a vulnerability management program
  4. Implement strong access control measures
  5. Regularly monitor and test networks
  6. Maintain an information security policy

Discussion topics:

  • Why most vendors don't understand how their products fit within PCI.
  • Why PCI is perceived as a check box program.
  • Vulnerability scanning vs. vulnerability management.
  • Why should we care.




Hosts

Jeff Man's Content:

Topic Notes

My Five Part Blog Series about PCI originally published at Wired Innovation Insights:

  1. Cybersecurity Is About Attitude, Culture -- Not Strictly Compliance
  2. The Truth Behind Three PCI 'Myths'
  3. Five 'Truths' About PCI Compliance and Cybersecurity
  4. Best Practices for Cybersecurity, Part I: Keeping Bad Guys, Malware Out
  5. Best Practices for PCI, Cybersecurity Protection (Part II): Encryption and Tokenization

Josh Marpet's Content:

Topic Notes

PCI Drinking game. Every time Jeff Man says "PCI", you drink. Security Weekly is not responsible for your bad decisions. Thank you!

Matt Alderman's Content:

Topic Notes

Scott Lyons's Content:

Topic Notes

2. News - PCI: A New Hope - 12:30 PM-01:00 PM


Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.

Description

Security, Compliance, and Breach News!


Hosts

Jeff Man's Content:

Articles

  1. Accidental Internal Data Breaches Are on the Rise. Here’s How to Protect Your Business.
  2. PCI Compliance is Vital to the Economic Engine of the World
  3. Chegg Confirmed Data Breach of Employee Records
  4. Despite spending more on compliance, businesses still have basic IT weaknesses
  5. Timely reminder about who bears responsibility for cloud security
  6. Dangers of Data Sprawl Increase during the Remote Work Revolution

Josh Marpet's Content:

Articles

  1. PCI isn't seen as important
  2. Paay is "More Secure"? Hmmm.
  3. SAQ-A is a joke
  4. PCI doesn't mean secure, heck after a year, it probably doesn't mean anything
  5. Retroactive revocation of PCI compliant status, should we discuss, or will Jeff get upset?

Matt Alderman's Content:

Articles

Scott Lyons's Content:

Articles