By John •
August 31, 2016 •
I put together this series of sample PCIP questions and answers to help a friend who was revising for her PCIP exam. She passed and so I hope you also find them useful. It is a while since I actually took a PCI SSC exam and so these questions might
By John •
August 28, 2016 •
A recording was made of the webcast I made of my 2016 RSA Presentation How to Explain Cybersecurity to the Board Using a Simple Metaphor: FIRE. The sound quality isn’t great but I’m pretty pleased with how it turned out.
It is rare for the DSS to get smaller; each version typically adds a few requirements based on lessons from forensic investigations of breaches of cardholder data. However, in the summary of changes from version 3.1 to version 3.2 published this week I noticed:
By John •
August 12, 2015 •
I’m speaking about the trade-off between network security and employee privacy at the International Association of Privacy Professionals (IAPP) European Data Protection Congress in Brussels on the 2nd December. In the face of modern cyber-threats, communication monitoring and surveillance are essential for the protection of corporate information. But
By John •
July 17, 2015 •
Question: Is pre-authorisation data in scope of PCI DSS? Answer: Yes. There’s quite a bit of misleading information on the internet about the status of pre-authorisation data. As far as all the card schemes are concerned there’s no difference between pre-authorisation data and post-authorisation data. If you store,