Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"

Understanding which requirements of the "12 commandments" are the most challenging can keep your organization from wasting time, money and effort on the wrong ideas or technical implementations. In this guide, Craig Norris draws some important PCI conclusions.

PCI DSS is designed to safeguard cardholder data from the moment it is received until the end of its life cycle. The stakes are high for organizations like Internet-based businesses, which rely heavily on credit card processing to sell products and services. It only takes one security breach to cause significant harm to a business's bottom line as well as its reputation, and that harm can be permanent.

Understanding which requirements of the "12 commandments" are the most challenging can help your organization avoid wasting time, money and effort on the wrong ideas or technical implementations.

Furthermore, it is important to know that PCI DSS is not concerned with how many employees you have or what your annual revenue is: the requirements apply to every merchant and service provider that stores, processes or transmits cardholder data, and the merchant levels defined by the card brands (set by annual transaction volume) change only how compliance is validated, not which requirements apply. Organizations must therefore look at the requirements not simply as a checklist, but as a practical guide to developing a risk management program. Implementing sound security policies, deploying log management and vulnerability management technologies, properly segmenting the network so that the cardholder data environment is isolated, and securing the perimeter with firewalls can go a long way toward helping an enterprise achieve PCI compliance.

A GUIDE TO PASSING PCI'S FIVE TOUGHEST REQUIREMENTS

  Requirement 3: Protecting stored data
  Requirement 11: Regularly test security systems and processes
  Requirement 8: Assign a unique ID to users
  Requirement 10: Monitor access to network resources and data
  Requirement 1: Install and maintain a firewall configuration
  Conclusion

ABOUT THE AUTHOR:
Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via canvip@yahoo.com.
This was first published in September 2007
