Damon Cortesi's blog

Musings of an entrepreneur.

Oracle Database Security and PCI


Earlier this year I became a PCI Qualified Security Assessor. For those not familiar with the Payment Card Industry, this basically means that I am now certified to validate an organization’s compliance with the PCI DSS, a set of standards enforced by the PCI Security Standards Council to try to prevent credit card data theft such as the incident at TJX earlier this year, which has ultimately cost them $118 million. My experience in a broad set of security technologies, as well as several years spent auditing various financial institutions, left me well-positioned to achieve this certification. Nevertheless, I am always on the lookout for useful references I can continue to rely on.

I came across a good page on Oracle’s site today about Oracle Database Security and the Payment Card Industry Data Security Standard (PCI-DSS). It’s basically a big chart that describes how various facets of Oracle Database technology can be used to meet the different PCI requirements. Quite useful when analyzing an environment with an Oracle backend. I’ll have to look around and see if other vendors have similar references. Then… I’ll have to automate it. *grin*

On a related note, I’m also maintaining a custom Google search for PCI information that I am expanding on a regular basis. Feel free to give it a shot.
