There is a new Video Interview from the RSA Conference. It's on the Search Security (TechTarget) website. The interview covers why we formed the PCI Knowledge Base, and the relation between the PCI Knowledge Base, the PCI Security Alliance, and the PCI Standards Council.

It is about 13 minutes long. There is no swearing, so it's safe to show the kids. The questions asked include:

• PCI DSS has had companies scrambling for compliance. That's good for business but is it good for security? (0:12)
• Is the alliance still working with the PCI Council to set up a certification program for vendors? (0:48)
• We hear stories about assessors being not qualified and in some cases peddling vendor products. How do you respond to that? (2:52)
• PCI is more prescriptive than a lot of regulations. Are people pretty clear on the requirements or is there confusion out there? (4:55)
• In these last 14 months or so, what have you experienced that's been particularly frustrating and what you look back on with particular pride? What would you like to see happen in the next year or so? (5:55)

Here is the link:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1312050,00.html