PCI DSS
PCI (Payment Card Industry) is a set of security requirements issued by the
Payment Card Industry Security Standard Council. In very general terms, it is
the joint effort of the payment card brands (VISA, MasterCard, American
Express, Discover) to reduce the risk of payment/credit card fraud by
protecting the areas within an organization that store, process or
transmit cardholder data, in addition to requiring confirmation of the
safeguards put in place.
There are twelve security requirements, broken down into six key security areas.
The Key Security Areas
Building and Maintaining a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor supplied defaults for system passwords and other
security parameters
Protecting Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintaining a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implementing Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitoring and Testing Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintaining an Information Security Policy
12. Maintain a policy that addresses information security for
employees and contractors
How Symtrex Assists
Symtrex's focus on security services and solutions covers all 12 of the security
requirements. Symtrex's security audit methodology will provide the
information required to meet corporate security standards
and address regulatory act compliance, from auditing your current solution
and installing a firewall through to vulnerability assessments and
event log management solutions.
Contact us today to receive more information.