Overview
PCI compliance is another big thing came into IT security arena. As a security practioner for years, I think it's another great chance for IT to integrate security requirement into their daily business actions.
Put People,Process and Technology always in mind, you will find once you have the infrastructure pieces for supporting the security oriented activities and once you integrate the requirement into your everyday process, the onging PCI compliance will be naturally achievable.
Business Integration
It's highly depend on your organization. You need to define who needs to do what and where the output should be etc.
Infrastructure Support
- Documentation Portal
Support the onging documentation, collaboration and able to integrate 3rd party tools - Firewall
- IDS
- Internal VA scanner
- External VA service
- Identity management
- SEM/SIM
Appendix: PCI DSS
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Links
- https://www.pcisecuritystandards.org/tech/index.htm
- https://www.pcisecuritystandards.org/tech/supporting_documents.htm, You can use the self assessment or procedures to go through what you are going to get through.
- http://www.visa.ca/en/merchant/fraudprevention/ais/servicelevels.cfm
- http://www.cybertrust.com/solutions/compliance_governance/pci_compliance/pci_levels/
Recent comments
4 days 7 hours ago
6 days 22 hours ago
1 week 18 hours ago
1 week 3 days ago
1 week 3 days ago
1 week 6 days ago
2 weeks 2 days ago
2 weeks 6 days ago
2 weeks 6 days ago
2 weeks 6 days ago