Here are some tips recommended to companies to stay compliant year after year. The 2011 compliance report from Verizon offers some new suggestions based on QSA findings from its assessments of various businesses.
You will find one tip a week on our Omegasecure blog. Please bookmark this site and visit every week for a new tip.
Beware of PCI DSS version 2.0.
Version 2.0 is more stringent, with more evidence required to prove compliance. The bar has been raised several notches, and more or less everything now requires actual logs and documentation.
Essentially, logging of every activity is important. Firewall logs, event logs, scan reports (external and internal), remote control logs and more, all retained for a period of 365 days, are now critical. CISOs and other internal staff have to work harder to maintain their compliance status under the more rigorous requirements of PCI DSS 2.0.
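As an added illustration (not code from the original post or from Omegasecure), the script below audits whether each log source's archived files cover a full 365-day window ending on an assessment date, and reports any uncovered days per source; the inventory, source names and dates are constructed sample data, and the 2011-12-31 assessment date is an assumption.

```python
from datetime import date, timedelta

RETENTION_DAYS = 365  # one-year window the post says every log type must cover

# Constructed sample inventory (not real data): for each log source, the date
# ranges its archived files cover; a real one would come from file timestamps.
INVENTORY = {
    "firewall": [
        (date(2010, 6, 1), date(2010, 12, 31)),  # older than the window
        (date(2011, 1, 1), date(2011, 6, 30)),
        (date(2011, 7, 1), date(2011, 12, 31)),
    ],
    "event_log": [(date(2011, 3, 1), date(2011, 12, 31))],  # started late
    "remote_control": [
        (date(2011, 1, 1), date(2011, 5, 15)),
        (date(2011, 6, 1), date(2011, 12, 31)),  # two weeks lost in May
    ],
}

def coverage_gaps(ranges, window_start, window_end):
    """Return [(gap_start, gap_end)] for days inside the window no range covers."""
    gaps = []
    cursor = window_start  # first day not yet proven covered
    for start, end in sorted(ranges):
        start, end = max(start, window_start), min(end, window_end)
        if start > end or end < cursor:
            continue  # outside the window, or already covered
        if start > cursor:
            gaps.append((cursor, start - timedelta(days=1)))
        cursor = end + timedelta(days=1)
    if cursor <= window_end:
        gaps.append((cursor, window_end))
    return gaps

def audit_retention(inventory, as_of, retention_days=RETENTION_DAYS):
    """Per source: is the retention window ending on as_of fully covered?"""
    window_start = as_of - timedelta(days=retention_days - 1)
    report = {}
    for source, ranges in inventory.items():
        gaps = coverage_gaps(ranges, window_start, as_of)
        missing = sum((g_end - g_start).days + 1 for g_start, g_end in gaps)
        report[source] = {"compliant": not gaps, "missing_days": missing, "gaps": gaps}
    return report

def run_audit():
    # Assumed assessment date; prints one verdict per source and returns the report
    report = audit_retention(INVENTORY, date(2011, 12, 31))
    for source, r in report.items():
        print(f"{source:15} {'OK' if r['compliant'] else 'MISSING %d days' % r['missing_days']}")
    return report
```

Ranges older than the window are ignored, and overlapping files are merged, so the report only flags days inside the one-year window that no archived file covers.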