demonstrable evidence of working on PCI DSS and ISO 27001 question?
chickenlicken09
Member Posts: 537 ■■■■□□□□□□
Hi Folks, for those working in info sec can you give me some examples of how you would demonstrate this on the job?
More specifically PCI-DSS, how do ye guys work with it?
More specifically PCI-DSS, how do ye guys work with it?
Comments
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□What do you mean how people work with it? PCI DSS is a standard and has a bunch on controls in it that companies have to have in place im order to be compliant, so this is more of a compliance issue with IT/Infosec being the implementators. For example, one of the controls says that you need to have a firewall in place and have it configured properly etcetera. So IT puts a firewall in place and the Firewall engineer sets it up in such a way that it is compliant with what the standard is requesting. Theres 12 controls in the standard i think.
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□I don't work with it, but I'm pretty sure PCI-DSS has a SAQ your business fills out. The one your business needs depends on how the business handles credit cards. I'd imagine just going through the checklist and doing the things required would be working with it.
-
chickenlicken09 Member Posts: 537 ■■■■□□□□□□its just i see it listed in various info sec job specs "demonstrable evidence of working on PCI DSS and ISO 27001" but i hear you when you say its mainly just standards etc. Will take a look at the 12 controls.