Five Tips to Prepare Your Business for PCI DSS 3.0


Understand What Requirements Have Evolved

Map your current environment to the new PCI DSS 3.0 requirements. The changes between the PCI DSS 2.0 and 3.0 requirements can be daunting if your organization is not prepared to implement the changes by the deadline. Build a plan to identify any new changes in your current environment that may require time and planning to implement by the January 1, 2015 deadline. For example, additional requirements and clarifications in the new standard significantly expand the scope of systems requiring security assessment and controls, including coverage of network devices like routers and firewalls.

According to an eWeek article on PCI DSS 3.0:

One of the new best practices that will not be required until 2015, Troy Leach, CTO of PCI SSC, told eWEEK, is a need for agreements between merchants and third-party service providers about the responsibilities of protecting cardholder data. Another area that will be an initial best practice is requirement 9.9, which stipulates further requirements around the inspection of physical security and protection for payment terminals.

In today's global marketplace, credit card breaches are widespread, affecting everyone from small and medium-sized businesses to Fortune 100 corporations. As we've seen with recent retail breaches at Home Depot, Kmart, Target, Michaels and others, cardholder data (CHD) has become a more prevalent target, and there's an increasing need to implement stronger security measures to protect consumers and their data. Businesses that manage CHD are required to comply with the Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0).

The PCI DSS 3.0 standard became effective January 1, 2014; however, organizations that were compliant with the requirements in PCI DSS 2.0 have an extended deadline and must comply with the new standard by January 1, 2015. The updated standards provide baseline security measures to align organizations more closely with industry best practices, and drive them to build the practices into their daily operations. PCI DSS is no longer a once-a-year auditing activity. It's now a continuous day-to-day practice. In this slideshow, cloud security vendor Qualys provides five tips to prepare your business for PCI 3.0.

