“How can we reduce the scope of PCI DSS Scope?” is a questions I get in most of the consulting / auditing engagements. Some of them were looking for network segmentation and others were looking for segmentation in the software […]