Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"

For more information on PCI Companies are moving forward with compliance projects, but many are underestimating the PCI costs. In this tip, security expert Mike Rothman discusses which parts of PCI DSS have been difficult for merchants to master.

Understanding which requirements of the "12 commandments" are the most challenging can help your organization to avoid wasting time, money and effort on the wrong ideas or technical implementations.

Furthermore, it is important to know that the PCI isn't concerned with how many employees you may have or what your annual revenue is; therefore, organizations must look at the requirements not simply as a checklist, but as a practical guide to developing a risk management program. Implementing sound security policies, utilizing technologies for log and vulnerability management, properly building network segmentation and securing the perimeter through the use of firewalls can go a long way toward helping an enterprise achieve PCI compliance.

A GUIDE TO PASSING PCI'S FIVE TOUGHEST REQUIREMENTS

  Requirement 3: Protecting stored data
  Requirement 11: Regularly test security systems and processes
  Requirement 8: Assign a unique ID to users
  Requirement 10: Monitor access to network resources and data
  Requirement 1: Install and maintain a firewall configuration
  Conclusion

ABOUT THE AUTHOR:

Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via canvip@yahoo.com.

BROWSE BY TAG Security Audit, Compliance and Standards,   PCI Data Security Standard,   IT Security Audits,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT PCI Data Security Standard Chip and PIN adoption Chip and PIN adoption serves lesson for U.S. payment industry Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Wireless network guidelines for PCI DSS compliance Visa probes tokens, encryption for PCI card data protection Feds push cybersecurity jobs, PCI DSS changes ahead. Voltage, RSA spar over tokenization, data protection Experts, vendors search for PCI's holy grail IT Security Audits Standards compliance does not equal sound information security risk management Tony Spinelli: Prioritize Information Security over Compliance How to prepare for a FERPA audit MasterCard increases PCI compliance requirements for some merchants How to select a set of network security audit guidelines How to write a risk methodology that blends business, security needs PCI compliance requirement 11: Testing Using IAM tools to improve compliance Forensic accounting success depends on information security support HIPAA compliance: New regulations change the game

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary PCI DSS (Payment Card Industry Data Security Standard )  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary