PCI Compliance: The QSA's Perspective


Mar 24 2010, 9 mins
Interview with Peter Spier of Fortrex Technologies

Over the past year or so, since the Heartland Payment Systems breach, we've heard a lot about the Payment Card Industry Data Security Standard (PCI DSS). What does 'PCI compliant' mean? Can a PCI compliant organization be breached? What's the role of the Qualified Security Assessor (QSA)?

Peter Spier, Senior Risk Management Consultant with Fortrex Technologies, has written a recent guest blog on PCI compliance, and in an exclusive interview offers insight on:

  • The QSA's role;
  • What's most misunderstood about PCI compliance;
  • How organizations can maximize their compliance efforts.

Spier is President of the ISACA Western New York Chapter and a Senior Risk Management Consultant at Fortrex Technologies based in Frederick, Maryland. Peter attained his graduate degree from Syracuse University's School of Information Studies and, over the course of 12 years of experience, has earned Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), Qualified Security Assessor (QSA), Information Technology Infrastructure Library (ITIL) Foundation version 3, and HITRUST CSF Assessor certifications, among other credentials.