PCI DSS – The Overlooked Systems
Description
In this episode of InfoSec Insider, Alastair Stewart and Tibor Laczko, both Senior Consultants and Qualified Security Assessors (QSAs) at URM, offer their advice on the systems and controls that are often overlooked in relation to the Payment Card Industry Data Security Standard (PCI DSS). Alastair and Tibor leverage nearly 30 years’ combined experience with the PCI DSS to discuss:
- Why the PCI DSS covers systems that don’t store card data, such as DNS servers or time servers
- Why time synchronisation (NTP servers) is a PCI requirement
- How card data can leak through system logs and how this can be avoided
- Printers, custom error messages, IoT devices – why they’re in scope and how to maintain compliance
Ask Alastair and Tibor a question: https://www.urmconsulting.com/podcasts/pci-dss-the-overlooked-systems
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.



