
Thursday Apr 30, 2026
Zero Trust Architecture in PCI DSS
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, share their insights on zero trust architecture and its use when complying with the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage 30 years’ combined experience with the PCI DSS to discuss:
- What ‘zero trust’ is
- Whether organisations with zero trust still need segmentation, or whether identity is enough
- How to prove least privilege when access is dynamic and granted on demand, and how to handle sampling for PCI DSS evidence when access changes continuously
- The biggest zero trust implementation mistakes that cause PCI DSS challenges later
- Which logs matter most to prove that zero trust is actually protecting the cardholder data environment (CDE)
- And much more.
Ask Alastair and Tibor a question: https://urmconsulting.com/podcasts/zero-trust-architecture-in-pci-dss
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Connect with us on LinkedIn
Brought to you by URM, the UK’s leading information and cyber security specialists.