PCI Security: Q&A with Anton Chuvakin, PCI Compliance Expert

by VPNHaus | 07/13/2010 | Expert Q&A, PCI

In the first of a two-part series, VPN Haus talks to PCI compliance expert Anton Chuvakin about the way the industry has misunderstood – and undervalued – PCI standards.

Beyond that, there are multiple other high-risk areas. Wireless is still one of the weak points, despite TJX and other breaches. Poor network segmentation, where cardholder data resides on the same network as other non-critical, often compromised, systems, is another. Finally, insecure web applications are also one of the top vectors for card data theft.

VPN Haus: What needs to change for the industry to adopt a "security and risk" mindset versus a "compliance and audit" approach?

Next week VPN Haus continues this conversation with Chuvakin, tackling the mysteries of compliance and the prevalent “it won’t happen to my company” attitude.

Anton Chuvakin is a principal at Security Warrior Consulting, specializing in PCI DSS, SIEM and log management services for security vendors and enterprises. He also runs the Security Warrior blog and is based in San Francisco.
