sponsored by Applied Identity
Posted:  28 Jan 2008
Published:  25 Jan 2008
Format:  PDF
Length:  12   Page(s)
Type:  White Paper
Language:  English
ABSTRACT:
The PCI Data Security Standard (PCI DSS) was first announced in 2005 as a jointly developed data security standard for the payment card industry, in response to the growing costs associated with credit card fraud through data compromise. American Express, Discover, JCB, MasterCard Worldwide and Visa International provided the guidelines to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. Compliance-ready networks typically require securing stored data, controlling access to data, ensuring availability of data and applications, and monitoring network events.

The PCI DSS groups its 12 high-level security requirements under the following control objectives:

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security

In the latest iteration of the standard (PCI DSS version 1.1), the twelve broad sections of compliance have been broken down for further clarification into 64 primary controls and 143 control enhancements, bringing the total to 207 requirements.
These security requirements apply to all system components, which are defined as any network component, server, or application that is included in or connected to the cardholder data environment.

Topics: Network Security, Access Control, Application Security, Authentication, Identity Management, Endpoint Security, Security Policy, PCI Data Security Standard




