This should no longer be used for PCI scoping exercises but is provided here for reference and historical purposes. Everyone should be using the PCI SSC Information Supplement on Scoping and Network Segmentation.
Announcements
If you are posting a comment, be patient, as the comments will not be published until they are approved.
If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.
I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.
PCI Guru Search
PCI Guru Recent Posts
- The PCI Dream Team Rides Again
- The Second Draft of PCI DSS v4 Has Been Released
- Join Me On September 3
- PCI Dream Team Is Back On BrightTalk
- The Security/Compliance Disconnect
- The 2020 PCI Community Meetings Go Virtual
- DevOps And PCI – Part 2
- DevOps And PCI – Part 1
- The Last (Hopefully) Scoping Discussion
- Upcoming PCI Dream Team Events
PCI Guru Top Posts
- One-, Two-, And Three-Factor Authentication
- Network Segmentation Testing
- Shared Services (aka Category 2 In Scope)
- In Scope versus Out of Scope
- Business Continuity And PCI
- Open PCI Scoping Toolkit
- iFrame Hack Reported
- PCI Compliance Scam? You Tell Me
- The 'MPLS Is A Private Network' Debate
- Miscellaneous Questions Page
Blogroll
- Anton Chuvakin Blog – "Security Warrior"
- Chip and PIN Blog
- Froud On Fraud
- Herjavec Group Blog
- Krebs On Security
- Nige The Security Guy
- NuArx Blog
- Online Business Systems Blog
- PCI DSS News And Information
- PCI France
- Postmodern Security
- PYMNTS.com
- SANS Cloud Blog
- Shift4 4titude Blog
- Ultra Secure Network Architecture
Professional Organizations
- Carnegie Mellon University CERT Division
- ETA's Encyclopedia Of Terminology
- Information Systems Audit and Control Association (ISACA)
- Information Systems Security Association (ISSA)
- InfraGard
- NIST Computer Security Resource Center
- PCI Security Standards Council
- US Department of Homeland Security CERT
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
