The ability to accurately scope and segment your PCI environment is a critical first step of an effective and sustainable PCI compliance program. The PCI Standards Council published the "Information Supplement: Guidance for PCI DSS Scoping and Segmentation" to help organizations identify the systems that are in scope for PCI DSS, and it also offers considerations for using segmentation to reduce the number of systems in scope for PCI DSS controls. Executing these activities is not always easy for many organizations.
AWS launched its new event, re:Inforce, last week and engaged thousands of security practitioners and professionals in a conversation that is top of mind for everyone: SECURITY. The buzz at the event confirmed it.
Credit card payment processing methods and the infrastructure and systems that support these processes have evolved significantly over the years. It is not uncommon to have applications where the software stack is running on different compute platforms and geographically dispersed. Organizations are also using third-party cloud services to deliver discrete activities in the shopping and payment process. As the scope of PCI broadens to include an increasing range of on-premises and third-party services, and a combination of old and legacy technologies, visibility and control become more critical.
The shipping and energy infrastructure around us can be pretty inspiring. It reflects years of labor by our men and women, the scale of our economy, the power of our ingenuity. If you sit for a while and watch the ships coming in and out of harbor, you feel connected to history and the wider world. Yet cargo is not the only thing that’s moving.
"Reduce your attack surface..."
"Minimize the blast radius..."
Marketers use these doomsday metaphors to scare seasoned security pros from day-to-day paranoia into action!