PCI DSS Compliance in 2010
Computers & Technology → Site Security
- Author Mark Kedgley
- Published August 19, 2010
- Word count 620
The Payment Card Industry Data Security Standard, or PCI DSS, is still confusing for card payment merchants in 2010.
A recent survey of PCI DSS knowledge and understanding revealed the following facts
• 35% of retail/hospitality/entertainment organisations surveyed still do not understand compliance requirements
• Whilst there is a strong understanding within Tier 1 merchants (6 million transactions per year), 44% of Tier 2 and Tier 3 merchants do not understand the PCI DSS requirements
• 90% are either still working on implementing PCI DSS compliance measures identified in pre-audit surveys, or are not compliant and doing nothing about it, or are leaving it to the last minute
What do you need to do as an IT Service Provider to your Organization?
A number of automated 'compliance auditing' solutions for PCI DSS are available that typically provide the following functions
Compliance Auditing (aka Device Hardening) - typically, 'out of the box' PCI DSS as well as 'made to order' reports allow you quickly test critical security settings for windows servers and desktops, unix servers, linux servers and network devices, including wireless devices, and firewalls. The best solutions will provide details on your administrative procedures, technical data security services, and technical security mechanisms. Generally, these reports will probably identify some security vulnerabilities within the configuration settings to begin with. Once repaired though, you can generate these reports again to prove to auditors that your servers are compliant. Using inbuilt change tracking you can ensure systems remain compliant.
Change Tracking - once your firewalls, servers, workstations, switches, routers etc are all in a compliant state for PCI DSS you need to ensure they remain so. The only way to do this is to routinely verify the configuration settings have not changed because unplanned, undocumented changes will always be made while somebody has the admin rights to do so! The PCI DSS compliance software solution will alert when any unplanned changes are detected for server software using file-integrity monitoring, or firewalls and intrusion protection systems, and any other network device within your 'Compliant Infrastructure'.
Planned Change Audit Trail - when changes do need to be made to a PCI DSS server, firewall or network device, you need to ensure that changes are approved and documented. An automated software solution for PCI DSS makes this easy and straightforward, reconciling all changes made with the RFC or Change Approval record
Device Hardening must be enforced and audited. A good PCI DSS compliance auditing solution will provide automated templates for a hardened (secured & compliant) configuration for servers and desktops and network devices to show where work is needed to get compliant, and thereafter, will track all planned and unplanned changes that affect the hardened status of your infrastructure. The state of the art in compliance auditing software covers registry keys and values, file integrity monitoring, host integrity monitoring, service and process whitelisting/blacklisting, user accounts, installed software, patches, access rights, password ageing and much more.
Audit Log Management - All audit and event logs from all windows servers, Unix servers, Linux servers, firewalls and intrusion protection devices must be analyzed, filtered, correlated and escalated appropriately. Audit Log and Event log messages must be stored in a secure, integrity-assured, repository for the required retention period which for PCI DSS is 12 months.
Correlation of Security Information and Audit Logs - in addition you should implement Audit Log and Event Log Gathering from all devices with correlation capabilities for security event signature identification and powerful 'mining' and analysis capabilities. This provides a complete PCI DSS compliance safety net to ensure, for example to name just a few, virus updates complete successfully, host intrusion protection is enabled at all times, firewall rules are not changed, user accounts, rights and permissions are not changed without permission and patches are implemented.
All NewNetTechnologies software solutions are built using the latest technology, which means they can be fully adapted to suit all business environments. For more information on PCI DSS Compliance view our software solutions on http://www.newnettechnologies.com which provide 100% of the features you need but at a fraction of the cost of traditional solutions.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- A Brief Guide: The A-Z of Tailgating Attacks
- Essential Tips for Proofreading and Editing University Assignments
- Stop the Bleeding
- Top 10 Digital Forensics Tools: An In-Depth Exploration
- All You Need To Know To Secure Your Data From Phishing
- Crypto Security Guide: Everything You Need to Know to Protect Your Crypto
- Advancing Email Validation in Laravel
- Fortifying the Digital Fortress: Understanding the Foundations of Cybersecurity Architecture
- How is GenAI Changing Cybersecurity?
- AI-Enhanced Cybersecurity Trends for 2024
- The Game of Trust: A Guide to the Future of KYC in Gaming
- AI in Cybersecurity: The New Frontier in Digital Protection
- Metadata: The Attorney’s Secret Weapon in Civil Litigation
- The importance of cyber security
- 5 Reasons to Comply with CMMC
- Payless CCTV Security Camera
- How Bitdefender Protect From Pegasus Spyware
- Printer Security? Here Are 6 Tips To Keep Your Business Safe
- Why it is important to install Access control system at your business
- Powerful Keyloggers for Windows
- Website security check: Tips on how to protect your website from hackers
- How will cyber threats evolve in 2020?
- When to choose red teaming over penetration testing: A guide to a robust cybersecurity program
- Protect your files with drive image backup software
- How Cloud Management Values Change Your Business
- The U.S. Government and Zero Day Vulnerabilities
- Spyware – Yet Another Cyber Menace
- Reset lost passwords in Windows with Active@ Password Changer
- Antivirus measures you should know when your PC is infected with a virus
- Security Fit For Royalty!