An Information Security Place

I received an email from Thomas Frazier, Product Strategy Manager at Cybertrust, in response to my post regarding the Cisco / Cybertrust PCIDSS partnership. I have not had time to study the response closely, so I am merely posting it here now. I will read it more closely later and respond as I have time.

In regards to the Computerworld story, I would like to clarify some information that was not included in the story. Regarding the relationship between Cybertrust and Cisco, Cybertrust — like other security professionals — is the first to acknowledge that it is the implementation of PCI DSS that helps organisations achieve compliance, and not the products that are purchased. As the PCI DSS covers everything from building a secure network to maintaing a security policy to protecting cardholder data, it is important to place the Secure Store solution in the proper context. Large, medium and small retailers can use Secure Store reference architectures as a means to reduce the amount of remediation and assessment effort required to become compliant. Cybertrust has certified PCI assessors, myself included, around the globe who provide a consultative approach to PCI. We were engaged by Cisco based on our reputation in the PCI and compliance space. To my knowledge this is the only offering where extensive work has been done to align reference architectures against this standard. I believe that this initiative from Cisco was driven by the merchant and service provider community looking for help from the security industry in regards to PCI. Secure Store is Cisco’s response to that.

Vet