Wednesday, 09 December 2015 21:20

You need to understand the new PCI DSS requirements

By Ray Shaw

If you handle money via credit, debit or EFTPOS cards, you need to comply with the demanding security requirements of the Payment Card Industry Data Security Standard (PCI DSS), updated in April 2015.

According to ISACA, this is a concern not only for business managers and IT professionals, but also for non-technical directors, managers and staff. New guidance from global IT association ISACA simplifies the process, with a template implementation plan, an example self-assessment and an audit/assurance program.

Its Practical Guide to the Payment Card Industry Data Security Standard (PCI DSS) also provides:

  • Concise summaries of PCI DSS requirements
  • Consolidated information from numerous PCI DSS publications
  • Background advice on challenging requirements
  • Techniques to scope and implement the requirements
  • PCI DSS requirements mapped to COBIT 5 processes and ISO/IEC 27001 controls
  • Risk scenarios
  • Detailed explanation of how to design a professional audit/assurance plan

Payment card fraud is a constantly changing risk that affects consumers, merchants and banking institutions, and generates substantial financial loss. PCI DSS helps to reduce cyber-crime through changes in payment card encryption and updates in POS (Point of Sale) technology.

“Fraudsters will always be out there attempting to hack any and every security measure intended to protect financial stakeholders. PCI DSS helps to significantly reduce the risks involved,” said David Lacey, the book’s author. “This guide assists with technical compliance, policy development and ensuring a compliance-aware culture.”

More than half a billion records containing sensitive information have recently been compromised by data breaches, including incidents at notable retailers such as TJ Maxx, Target and Home Depot. The popularity of paying for products and services with a payment card is only going to increase. ISACA’s reference guide is designed to help improve security, alignment with business strategy, efficiency, clarity and cost savings.

The guide has been written in plain language to enable non-technical directors, managers and staff in retail enterprises, financial organizations and IT service functions to easily find, understand and use the information.

The primary audience is operational stakeholders (security managers, IT managers, business managers and IT auditors) who are responsible for developing, implementing, operating, managing or reviewing the controls, technology and processes that are required to meet and formally comply with the PCI DSS. However, governance stakeholders (finance directors, C-suite executives and the board of directors) who are accountable for development of the governance framework that ensures that PCI DSS compliance is part of business as usual will find this guide very useful.

A Practical Guide to PCI DSS is available at www.isaca.org/pci-dss and costs US$35 for members and $60 for non-members.

ISACA (previously known as the Information Systems Audit and Control Association) is a professional not-for-profit, membership-based body that offers its 140,000 members innovative and world-class knowledge, standards, networking, credentialing and career development.

From Wikipedia (this is a very small part of its explanation):

The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives".

Each version of PCI DSS has divided these twelve requirements into a number of sub-requirements differently, but the twelve high-level requirements have not changed since the inception of the standard.

Control objectives and their PCI DSS requirements:

Build and maintain a secure network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program
  5. Use and regularly update anti-virus software on all systems commonly affected by malware
  6. Develop and maintain secure systems and applications

Implement strong access control measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly monitor and test networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an information security policy
  12. Maintain a policy that addresses information security

If it sounds simple – believe me it is not.

Ray Shaw
Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!