Alastair is one of the most experienced and proficient Payment Card Industry Qualified Security Assessors (PCI QSAs) in the UK. Having gained a BSc in Computer Security & Forensics while working in IT support, Alastair went on to complete an MSc in Information Management & Security, before gaining his PCI QSA qualification in 2013. Alastair now has 10 years' consultancy experience working with hundreds of organisations of all sizes and from a wide range of market sectors, helping them to comply with the Payment Card Industry Data Security Standard (PCI DSS). As a PCI DSS specialist he has worked with all versions of the Standard from v2.0 onwards and is equally skilled in providing consultancy and assessment services. Under the consultancy umbrella, Alastair is adept at advising on ways to reduce PCI DSS scope, conducting gap analyses, remediating any areas of non-compliance and transitioning to the latest version of the Standard. On the assessment front, Alastair has completed in excess of one hundred successful reports on compliance (RoCs) against different PCI DSS versions along with supporting the completion of self-assessment questionnaires (SAQs).
Preparing for a PCI DSS v4 Assessment
In this episode of InfoSec Insider, Alastair Stewart, Senior Consultant and Qualified Security Assessor (QSA) at URM, breaks down the changes to assessments in v4.0 of the Payment Card Industry Data Security Standard (PCI DSS), and how organisations can prepare for their v4 assessments. Alastair leverages more than a decade of experience with the PCI DSS to discuss:
- The types of evidence the PCI DSS requires, whether there are any new evidence types in v4 and preparing evidence in advance of your assessment
- How QSAs collected evidence when assessing previous versions of the PCI DSS and how this has changed in v4
- How these changes will impact assessments against v4
- His key advice for organisations undergoing PCI DSS v4 assessments
- Changes to the self-assessment questionnaires (SAQs) for both merchants and service providers, and whether any new SAQs have been added.
PCI DSS – New Requirements for E-Commerce
In this episode of InfoSec Insider, Alastair Stewart, Payment Card Industry Qualified Security Assessor (PCI QSA) and Senior Consultant at URM, explores some of the new requirements for e-commerce pages in version 4.0 of the PCI Data Security Standard (PCI DSS), providing valuable advice and guidance on what organisations can do to remain PCI DSS compliant as they transition to v4.0. Alastair leverages his 10+ years of experience assisting organisations to comply with the PCI DSS to discuss:
- What the new requirements are for e-commerce pages in PCI DSS v4.0
- How organisations can go about meeting the new requirements
- Which organisations the new requirements for e-commerce pages will and will not be applicable to
- How challenging it will be for organisations to meet the new requirements
- Why the new requirements have been introduced
- Which of the new requirements for e-commerce pages have been added to the self-assessment questionnaires (SAQs) and which SAQs they have been added to.