By PCIGuru

PCI Guru is written by a somewhat well-known PCI QSA who shall remain nameless (think Stanley Bing).  I travel a lot, so I’ll apologize ahead of time for not being as good at keeping this up as I would like.

The purpose of this blog is to provide some common sense to the PCI compliance process and help people retain their sanity as they go through their compliance processes.  The PCI DSS and related standards are not rocket science; they are just a set of security “best practices” that need to be followed to better ensure that cardholder data is properly protected.  And while they are focused on cardholder data, a lot of what the PCI standards espouse is applicable to any personally identifiable information (PII) such as social security numbers and driver’s license numbers.  So, even if your organization has nothing to do with credit cards, the PCI standards can provide you with a framework for dealing with PII security.

The comments made here are not approved by the PCI Guru’s employer and should not be construed as representative of the PCI Guru’s employer.

The PCI Guru participates in the Society of Payment Security Professional’s Forum.  So, if you are looking for answers, you are always welcome to post your questions and concerns there.  The Forum is possibly the best source of expertise and the best repository of information around on PCI.  But since I helped generate it, I’m a bit biased.

If you have ideas for topics that should be addressed, the PCI Guru is always looking for new topics.  Even a guru runs out of ideas at times.

If you find this blog useful and a good source of information, tell your friends.  If you have issues with my opinions, tell me where you think I’m wrong.  Gurus are not always right; we just have a better track record than most.

Finally, as a QSA, I am also always looking for work.  Yes, a shameless plug for work, but I have bills to pay just like everyone else.  So if you have a PCI compliance project you would like assistance with, let me know.  I am always interested in new opportunities.

The PCI Guru can be reached at pciguru AT gmail DOT com.

All content on the PCI Guru blog is copyright Jeffrey Hall, All Rights Reserved.



Announcements

The Encryption Basics (http://pciguru.wordpress.com/2012/01/01/encryption-basics/) posting has been updated to reflect changes recommended by Andrew Jamieson to improve the accuracy of the post.
