PCI Guru is written by a somewhat well known PCI QSA that shall remain nameless (think Stanley Bing). I travel a lot, so I’ll apologize ahead of time for my not being so good at keeping this up as I would like.
The purpose of this blog is to provide some common sense to the PCI compliance process and help people retain their sanity as they go through their compliance processes. The PCI DSS and related standards are not rocket science, they are just a set of security “best practices” that need to be followed to better ensure that cardholder data is properly protected. And while they are focused on cardholder data, a lot of what the PCI standards espouse is applicable to any personally identifiable information (PII) such as social security numbers and drivers license numbers. So, even if your organization has nothing to do with credit cards, the PCI standards can provide you a framework for dealing with PII security.
The comments made here are not approved by the PCI Guru’s employer and should not be construed as representative of the PCI Guru’s employer.
The PCI Guru participated in the Society of Payment Security Professional’s Forum. Even though it is now shut down, it was possibly one of the best sources for expertise and the best repository of information around on PCI. But since I helped generate it, I’m a bit biased. That said, a lot of the people involved in the Forum read this blog and, from time to time, provide input on where I might have gone wrong and suggest corrections.
If you have ideas for topics that should be addressed, the PCI Guru is always looking for new topics. Even a guru runs out of ideas at times.
If you find this blog useful and a good source of information, tell your friends. If you have issues with my opinions, tell me where you think I’m wrong. Guru’s are not always right, we just have a better track record than most. Anyone that desires to quote me or reference this blog, I have no problem with that as long as you provide the proper attribution to the information you are referencing through a hyperlink back to the blog entry.
Finally, as a QSA, I am also always looking for work. Yes, a shameless plug for work, but I have bills to pay just like everyone else. So if you have a PCI compliance project you would like assistance with, let me know. I am always interested in new opportunities.
The PCI Guru can be reached at pciguru AT gmail DOT com.
All content on the PCI Guru blog is copyright Jeffrey Hall, All Rights Reserved.