This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."
Bob Russo, general manager of the PCI council, notes that organizations in some countries, like Japan, have spent a lot of time complying with security frameworks--such as the Information Security Management Systems (ISMS) approach of ISO 27001 and 27002--and don't want to spend time complying with an additional standard. The card brands, along with the council, are working to raise awareness that DSS is not optional and not replaceable by any other certification work.
If an organization has been concentrating only on U.S. operations, it's time for it to start thinking globally and assessing all sites where card information is transacted. And if you are using a compliance framework, consider mapping the controls and documentation in place to those needed for the PCI assessment. Many companies report that "careful compliance recycling" can reduce overhead when certifying to new and emerging standards.
PCI compliance may not be a simple art, but there are ways--like leveraging compliance frameworks--to make it simpler. There are a lot of rules and requirements for PCI, but the core goal is simple: protect credit cards on those digital "mean streets."
5 BASIC steps to properly configure desktop security.
It's important to note that security is something that seems to get a little bit better with each new Windows operating system. Consequently, Windows XP offers some security features that are not supported by earlier versions of Windows such as Windows 95, 98, ME and NT 4.0. These steps assume that Windows XP will not be required to connect directly to an older version of the OS; some of the settings shown here may interfere with that. Therefore, if Windows XP is required to connect to legacy Windows operating systems, some security may have to be sacrificed in order to maintain connectivity.
These steps also assume that the workstations you are securing are running Windows XP with Service Pack 2 or higher (Microsoft released Service Pack 3 for Windows XP in May). Many of the security settings that will be discussed here were introduced in SP2.
This was first published in July 2008