
What Is Truth to Power?

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.
built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.
a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.
against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.
Research: PCI: Requirements to Action

A More Rational Approach to Card Data Security

The Payment Card Industry Data Security Standard (PCI) is as notable for the guidance it offers as for what it omits. By parsing card data protection into a 12-step program, PCI provides an accessible guide to a reasonably complete information security practice.

Yet, by assuming much of the security- and risk-management context that provides efficiency and effectiveness in enterprise implementations, PCI leaves many opportunities for budgetary gaffes and breach events.

Addressing key PCI gaps and assumptions, this research paper supports integration of the standard into strategic risk- and security-management programs. Content includes:

  • More than 240 procedural action items, categorized by PCI DSS Section
  • An analytical perspective on PCI requirements
  • Concrete, experience-based advice on how to use PCI as a lever to build and advance the overall organizational security program
  • References to useful resources that support an integrated compliance approach
  • Translating PCI assessment requirements into implementable actions

New Advisory Supplement:
10 High-Impact Steps to Harden Commerce Systems

Although information security may be a continuous process, security risk is inconstant. Environmental variables, such as seasonal business fluctuations and conditions, emergent threats, staff resource availability, and budget levels impact practical security needs and priorities. Your ultimate goal might be to secure all system components all of the time; however, high-stress situations beg the question: "What can I do right now to secure critical information?"

This Advisory Supplement, bundled with the Truth to Power research paper PCI: Requirements to Action, addresses the question with more than 30 practical recommendations for quickly:
  • Securing routers, firewalls, and wireless access points
  • Reducing the risk exposure of user accounts and network resources
  • Training retail sales-floor staff to enforce security procedures
  • Improving incident response capabilities



This research bundle is a Truth to Power original resource, freely available to all registered members of the community. If you are not yet a member, please join now. It's free.


Note: This resource is made possible by the support of Tripwire, Inc. T2P does not charge for research offerings and strictly observes vendor neutrality in all community publications (more about that here). Companies such as Tripwire support this model by underwriting our research efforts in exchange for the contact information of individuals who download the paper. We hope you agree that sharing your contact information is a good-value proposition for substantive guidance. However, if you do not wish us to share your information, do not access this resource.






The new supplement includes more than 30 specific checklist steps for:

-- Securing routers, firewalls, and wireless access points

-- Reducing the risk exposure of user accounts and network resources

-- Training sales-floor staff to enforce security procedures

-- Facilitating more efficient, effective incident responses
