Learning Guide

Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments"

PCI is designed to safeguard credit card data from the time it is received until the end of its life cycle. The stakes are high for organizations like Internet-based businesses, which rely heavily on credit card processing to sell products and services. It only takes one security breach to cause significant harm to a business's bottom line as well as its reputation, and that harm can be permanent.

    Requires Free Membership to View

For more information on PCI

Companies are moving forward with compliance projects, but many are underestimating the PCI costs.

In this tip, security expert Mike Rothman discusses which parts of PCI DSS have been difficult for merchants to master.
Understanding which requirements of the "12 commandments" are the most challenging can help your organization to avoid wasting time, money and effort on the wrong ideas or technical implementations.

Furthermore, it is important to know that the PCI isn't concerned with how many employees you may have or what your annual revenue is; therefore, organizations must look at the requirements not simply as a checklist, but as a practical guide to developing a risk management program. Implementing sound security policies, utilizing technologies for log and vulnerability management, properly building network segmentation and securing the perimeter through the use of firewalls can go a long way toward helping an enterprise achieve PCI compliance.


  Requirement 3: Protecting stored data
  Requirement 11: Regularly test security systems and processes
  Requirement 8: Assign a unique ID to users
  Requirement 10: Monitor access to network resources and data
  Requirement 1: Install and maintain a firewall configuration

Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via canvip@yahoo.com.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: