Thursday, January 31, 2013

PCI SSC eCommerce SIG Report Released

The PCI Council's eCommerce Security Guidelines has been released. You can view the press release (click here) for all the details, and a link to the document is right here.

This report represents the combined efforts of many people in the PCI community, including Higher Ed institutions.

Wednesday, January 30, 2013

eCommerce SIG Report Out Jan 31

On Thursday, January 31, the PCI Council will release the eCommerce Special Interest Group's report:
Does your company accept payment cards over the Internet, or work with companies that do? Are you trying to select shopping cart software, or perhaps a web hosting provider, but want to be sure you're supporting your company's PCI efforts? Maybe you're not quite sure how PCI applies to this environment. The PCI DSS E-commerce Security Guidelines Information Supplement is developed by and for folks like you via an elected Special Interest Group.

A lot of people, including Higher Ed institutions, merchants, QSAs (including me), and others devoted a lot of time and energy to developing this report and the guidelines for best practices for eCommerce.

Be sure and check the Council's website (and here) for a link to the report.

Monday, January 21, 2013

PCI Workshop and PCIP Savings – Do The Math

The Treasury Institute’s PCI Workshop is a great opportunity for PCI education and networking with other institutions.  Because of the Institute’s focus on Higher Education and the participation of sponsoring organizations, the workshop is also a great value financially.  At $450, the price of the three-day PCI workshop is less than half what similar corporate workshops would be. 

At the risk of sounding like a TV commercial, I have to add: “But there’s more…”

This year the benefits are even greater thanks to the Institute’s partnership with the PCI Security Standards Council and NACUBO.  Workshop attendees will have the opportunity for the PCI Security Standards Council's PCI Professional (PCIP) education at no additional cost, and by doing so attendees qualify for a significant discount on the test to receive their PCIP credential.

The PCIP is a credential for industry professionals who demonstrate their expertise in and understanding of PCI standards. This credential is an individual qualification that does not require a sponsoring employer.  That is, it stays with the individual. 

Here are the details:
  • The PCIP credential requires an application fee and a test
  • Most applicants also take the PCIP eLearning, which workshop attendees may find they do not need after the PCIP education at the workshop. 

Here are the numbers:
  • There is a PCIP Application fee of $395 plus a discounted exam fee of $225 (regularly $395) = $620.  For most people, I expect this is what they will spend.  Therefore, you save $170 on the exam, and you also save the $995 eLearning fee ($1,250 for non-Participating Organizations).
  • Note: if you decide you still want the Council’s eLearning training, they have graciously agreed to let you apply your Treasury Institute/NACUBO $170 discount there, and spend a reduced total of $1,220 ($395 for the application, and $825 for the discounted eLearning, which includes the exam fee). 

How much will you save?  Well, if you attend the workshop and benefit from the PCIP education, you could save well over twice the cost of the workshop. To work out your own budget, be sure to see all the details at the Council’s website. 

There is no obligation to take the PCIP exam.  Attendees will, however, benefit greatly from this in-depth education.  Also, the Treasury Institute reminds everyone that attending the PCIP education is no guarantee you will pass the PCIP examination.  However, the PCIP education coupled with your diligent review of other PCI documentation on the PCI Council's website (which will be emphasized during the education) should prepare you well for the exam.  

If you already have the PCIP or even an Internal Security Assessor (ISA) credential, and/or you don't want to benefit from the education, the Institute's 10th PCI workshop is still for you.  As you will see by the agenda posted on the Institute’s website, there are parallel sessions where together with your peers we will delve into topics such as mobile commerce, point-to-point encryption, and scoping your PCI assessment.  Then after the PCIP education, we have the Higher Education PCI case studies separated into business and IT tracks.  It's all detailed in the agenda.

That means the PCI Workshop benefits PCI newcomers and veterans alike.  And while the workshop will have two tracks this year, there will be plenty of time where we all will be together for important sessions, including our networking hours after both Monday and Tuesday.

Monday, January 14, 2013

PCIP Credential Opportunity (and Discount!) at PCI Workshop

I am pleased to announce that the Treasury Institute, in coordination with the PCI Security Standards Council, is presenting a PCIP educational opportunity as part of the PCI Workshop.  This will provide attendees with an overview of the new PCI qualification and help in preparation for the PCIP exam.  To make this opportunity even more attractive, attendees qualify for a substantial discount on the testing fee.  

This means for your workshop registration fee, you get the bonus of the additional PCIP instruction plus a discount on the cost of attaining this credential. 

Here are the details.

The PCIP is a credential for industry professionals who demonstrate their expertise in and understanding of PCI standards. The PCI Council awards this qualification and serves as an impartial, third-party evaluator of each candidate’s knowledge of PCI standards. The Program is a direct result of feedback expressing interest in an individual qualification that does not require a sponsoring employer.
The PCI Council will provide this PCIP instruction as part of the Treasury Institute’s Workshop.  There is nothing extra to sign up for, and no additional cost for this bonus session.   At the end of the workshop, attendees will receive a code that gives them a significant discount on the PCIP testing fee.

This will be instructor-led education.  The PCI Council has agreed that any attendee who decides to take the full PCIP eLearning course afterward can use their code to receive the same discount on that, too.

To see the details of the PCIP credential, click here. 

There is no requirement to take the test for the PCIP credential if you don’t want to.  If you choose to take the test, your discount code will be good until May 30, giving you about three weeks after the workshop to apply to become a PCIP, and until June 30th to take the exam or the course + exam.  You should also understand that the PCIP education – while it is thorough – does not guarantee you will pass the test.

The PCIP education will be split over Monday afternoon and Tuesday morning.  We will have our Higher Ed PCI case studies with separate IT and Finance/Business tracks Tuesday afternoon.  This promises to be a very exciting agenda.  

I look forward to seeing you there.