Wednesday, 09 December 2015 21:20

You need to understand the new PCI DSS requirements


If you handle money via credit, debit or EFTPOS cards, you need to comply with the demanding security requirements of the new Payment Card Industry Data Security Standard (PCI DSS), updated in April 2015.

According to ISACA this is a concern not only for business managers and IT professionals, but also for non-technical directors, managers and staff. New guidance from global IT association ISACA simplifies the process, with a template implementation plan, example self-assessment and an audit/assurance program.

Its Practical Guide to the Payment Card Industry Data Security Standard (PCI DSS) also provides:

  • Concise summaries of PCI DSS requirements
  • Consolidated information from numerous PCI DSS publications
  • Background advice on challenging requirements
  • Techniques to scope and implement the requirements
  • PCI DSS requirements mapped to COBIT 5 processes and ISO/IEC 27001 controls
  • Risk scenarios
  • Detailed explanation of how to design a professional audit/assurance plan

Payment card fraud is a constantly changing risk that impacts consumer, merchant and banking institutions, and generates substantial financial loss. PCI DSS helps to reduce cyber-crime through changes in payment card encryption and updates in POS (Point of Sale) technology.

“Fraudsters will always be out there attempting to hack any and every security measure intended to protect financial stakeholders. PCI DSS helps to significantly reduce the risks involved,” said David Lacey, the book’s author. “This guide assists with technical compliance, policy development and ensuring a compliance-aware culture.”

More than half a billion records with sensitive information have been recently compromised by data breaches, including incidents at notable retail establishments such as TJ Maxx, Target and Home Depot. The popularity of paying products and services via a payment card is only going to increase. ISACA’s reference guide is designed to help improve security, alignment with business strategy, efficiency, clarity and cost-savings.

The guide has been written in plain language to enable non-technical directors, managers and staff in retail enterprises, financial organizations and IT service functions to easily find, understand and use the information.

The primary audience is operational stakeholders (security managers, IT managers, business managers and IT auditors) who are responsible for developing, implementing, operating, managing or reviewing the controls, technology and processes that are required to meet and formally comply with the PCI DSS. However, governance stakeholders (finance directors, C-suite executives and the board of directors) who are accountable for development of the governance framework that ensures that PCI DSS compliance is part of business as usual will find this guide very useful.

A Practical Guide to PCI DSS is available at and costs US$35 for members and $60 for non-members.

ISACA (previously known as the Information Systems Audit and Control Association) is a professional not-for-profit, membership based body that offers its 140,000 members innovative and world-class knowledge, standards, networking, credentialing, and career development.

From Wikipedia (this is a very small part of its explanation):

The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives".

Each version of PCI DSS has divided these twelve requirements into a number of sub-requirements differently, but the twelve high-level requirements have not changed since the inception of the standard.

Control objectives and their PCI DSS requirements

Build and maintain a secure network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program

5. Use and regularly update anti-virus software on all systems commonly affected by malware

6. Develop and maintain secure systems and applications

Implement strong access control measures

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly monitor and test networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an information security policy

12. Maintain a policy that addresses information security

If it sounds simple – believe me it is not.







Ray Shaw


Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!


