Definitions: PCI Data Security Standard


Created on: Apr 10, 2009 10:23 AM by Kim Mays - Last Modified:  Apr 10, 2009 10:31 AM by Kim Mays

Definition

The PCI Data Security Standard is a set of policies and requirements for increasing credit card account data security. The standard was developed by the PCI Security Standards Council, which includes American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International. It was created to help companies that work with financial customer data adopt a consistent data security policy internationally.

 

Business applications

These policies apply when interacting with most credit card processing companies. Companies that work with credit card data should already have most, if not all, of these policies in place. However, the PCI DSS formalizes the documentation of the policies that are used to meet the requirement of certification of data security.

 

Concerns

As with any security documentation, it is not valid unless it is frequently updated and implemented in production systems as documented in the standards. The most important part of deploying new security standards is the audit, which validates that the system administrators and programmers who must abide by the new rules are following them and updating internal documentation to reflect the new policies.

 

Technical details

The core ideals of the PCI DSS are straightforward and make rational sense to most security experts. This list is taken from the PCI website that defines the technical requirements of the policy:

 

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Requirement 12: Maintain a policy that addresses information security
