PCI DSS Compliance in 2010
- Author Mark Kedgley
- Published August 19, 2010
- Word count 620
The Payment Card Industry Data Security Standard, or PCI DSS, is still confusing for card payment merchants in 2010.
A recent survey of PCI DSS knowledge and understanding revealed the following:
• 35% of retail/hospitality/entertainment organisations surveyed still do not understand the compliance requirements
• Whilst understanding is strong among Tier 1 merchants (those processing over 6 million card transactions per year), 44% of Tier 2 and Tier 3 merchants do not understand the PCI DSS requirements
• 90% are either still working on implementing the PCI DSS compliance measures identified in pre-audit surveys, are not compliant and doing nothing about it, or are leaving it to the last minute
What do you need to do as an IT Service Provider to your Organization?
A number of automated 'compliance auditing' solutions for PCI DSS are available that typically provide the following functions:
Compliance Auditing (aka Device Hardening) - typically, 'out of the box' PCI DSS reports, and 'made to order' reports, let you quickly test critical security settings on Windows servers and desktops, Unix and Linux servers, and network devices including wireless devices and firewalls. The best solutions also report on your administrative procedures, technical data security services and technical security mechanisms. The first run of these reports will usually identify security weaknesses in the configuration settings. Once these are repaired, you can regenerate the reports to prove to auditors that your servers are compliant, and inbuilt change tracking then lets you ensure that systems remain compliant.
Change Tracking - once your firewalls, servers, workstations, switches, routers etc. are all in a PCI DSS compliant state, you need to ensure they remain so. The only way to do this is to routinely verify that the configuration settings have not changed, because unplanned, undocumented changes will always be made while somebody has the admin rights to make them. The PCI DSS compliance software solution will alert when any unplanned change is detected, using file-integrity monitoring for server software and configuration tracking for firewalls, intrusion prevention systems and any other network device within your 'Compliant Infrastructure'.
Planned Change Audit Trail - when changes do need to be made to a PCI DSS server, firewall or network device, you need to ensure that the changes are approved and documented. An automated software solution for PCI DSS makes this straightforward by reconciling every detected change with the corresponding RFC or Change Approval record.
Device Hardening must be enforced and audited. A good PCI DSS compliance auditing solution will provide automated templates for a hardened (secured and compliant) configuration for servers, desktops and network devices, showing where work is needed to become compliant, and thereafter will track all planned and unplanned changes that affect the hardened status of your infrastructure. The state of the art in compliance auditing software covers registry keys and values, file integrity monitoring, host integrity monitoring, service and process whitelisting/blacklisting, user accounts, installed software, patches, access rights, password ageing and much more.
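The change tracking, planned-change reconciliation and file-integrity monitoring described above can be shown in a few dozen lines. The following is an added example written for this page; it is not NewNetTechnologies code and it does not reproduce any product's format. It builds a baseline of SHA-256 digests and permission bits for a directory tree, rescans to find added, removed and modified files, and then reconciles each detected change against a list of approved change records. The directory contents, file names and the RFC identifier are constructed for the example.

```python
"""File-integrity monitoring with reconciliation against approved changes.

Added example, not NNT's code. The tree under test and the RFC id are
constructed; a real deployment would persist the baseline off-host and
feed unplanned changes into alerting.
"""
import hashlib
import stat
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map relative path -> (sha256, permission bits) for every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            mode = stat.S_IMODE(p.stat().st_mode)
            baseline[p.relative_to(root).as_posix()] = (_digest(p), mode)
    return baseline


def diff_baseline(old: dict, new: dict) -> list:
    """Return (path, kind) pairs, kind being added, removed or modified.

    A permission change counts as modified even when the content is unchanged.
    """
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            changes.append((path, "added"))
        elif path not in new:
            changes.append((path, "removed"))
        elif old[path] != new[path]:
            changes.append((path, "modified"))
    return changes


def reconcile(changes: list, approved: dict) -> tuple:
    """Split detected changes into (planned, unplanned).

    approved maps a relative path to a change record id (hypothetical
    identifiers such as "RFC-1042"). Anything without a record is unplanned.
    """
    planned, unplanned = [], []
    for path, kind in changes:
        if path in approved:
            planned.append((path, kind, approved[path]))
        else:
            unplanned.append((path, kind))
    return planned, unplanned


def demo() -> tuple:
    """Constructed scenario: baseline, one approved change, two unplanned ones."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"\x7fELF original")
        before = build_baseline(root)

        # Planned change: an approved patch to the application binary.
        (root / "bin" / "app").write_bytes(b"\x7fELF patched")
        # Unplanned change: somebody with admin rights weakened the SSH config.
        (root / "etc" / "ssh_config").write_text("PermitRootLogin yes\n")
        # Unplanned change: a new file dropped into a monitored directory.
        (root / "etc" / "backdoor.conf").write_text("x\n")

        after = build_baseline(root)
        approved = {"bin/app": "RFC-1042"}  # hypothetical change approval record
        return reconcile(diff_baseline(before, after), approved)


if __name__ == "__main__":
    planned, unplanned = demo()
    print("planned:", planned)
    print("unplanned:", unplanned)
```

Only the unplanned list should raise an alert; the planned list is the evidence an auditor asks for that a change was approved before it was made.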
Audit Log Management - all audit and event logs from all Windows servers, Unix servers, Linux servers, firewalls and intrusion prevention devices must be analyzed, filtered, correlated and escalated appropriately. Audit log and event log messages must be stored in a secure, integrity-assured repository for the required retention period, which for PCI DSS (Requirement 10.7) is at least 12 months, with a minimum of the most recent three months immediately available for analysis.
Correlation of Security Information and Audit Logs - in addition, you should implement audit log and event log gathering from all devices, with correlation capabilities for security event signature identification and powerful 'mining' and analysis capabilities. This provides a complete PCI DSS compliance safety net, ensuring for example that virus updates complete successfully, host intrusion prevention is enabled at all times, firewall rules are not changed, user accounts, rights and permissions are not changed without permission, and patches are implemented.
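The two properties asked of the log repository above, integrity assurance and a retention window, together with one correlation rule of the kind described (a firewall rule change with no approved change record), are illustrated by the following added example. It is written for this page and is not NewNetTechnologies code; the repository is a simple in-memory hash chain in which each record's digest covers the previous record's digest, so rewriting or deleting history breaks verification. The log lines, device names and ticket identifier are constructed.

```python
"""Integrity-assured log store with a retention check and one correlation rule.

Added example, not NNT's code. Events, device names and the ticket id are
constructed; a production store would write the chain to append-only
storage and anchor the latest digest somewhere the log host cannot alter.
"""
import hashlib
import json
import re
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64
RETENTION = timedelta(days=365)  # PCI DSS 10.7: at least one year of audit trail


class LogStore:
    """Append-only hash chain: each digest covers the previous digest."""

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(prev, ts, source, msg):
        payload = json.dumps([prev, ts, source, msg], separators=(",", ":")).encode()
        return hashlib.sha256(payload).hexdigest()

    def append(self, ts, source, msg):
        prev = self.records[-1]["digest"] if self.records else GENESIS
        self.records.append({"ts": ts, "source": source, "msg": msg, "prev": prev,
                             "digest": self._digest(prev, ts, source, msg)})

    def verify(self):
        """Index of the first record that breaks the chain, or -1 if intact."""
        prev = GENESIS
        for i, r in enumerate(self.records):
            if r["prev"] != prev or r["digest"] != self._digest(prev, r["ts"], r["source"], r["msg"]):
                return i
            prev = r["digest"]
        return -1


def covers_retention(store, now):
    """True when retained history reaches back at least the full retention window."""
    if not store.records:
        return False
    oldest = datetime.fromisoformat(store.records[0]["ts"])
    return now - oldest >= RETENTION


TICKET = re.compile(r"ticket=(\S+)")


def unapproved_firewall_changes(store, approved):
    """Firewall config-change events whose ticket is missing or not in the approved set."""
    hits = []
    for r in store.records:
        if r["source"] != "firewall" or "config-change" not in r["msg"]:
            continue
        m = TICKET.search(r["msg"])
        if not m or m.group(1) not in approved:
            hits.append((r["ts"], r["msg"]))
    return hits


SAMPLE = [  # constructed events; ISO-8601 timestamps in UTC
    ("2009-08-01T09:00:00+00:00", "firewall", "config-change rule=17 action=permit ticket=RFC-0917"),
    ("2010-03-10T22:41:05+00:00", "av-server", "definitions updated version=100310"),
    ("2010-08-18T23:58:12+00:00", "firewall", "config-change rule=42 action=permit src=any dst=10.1.2.3/32 port=3389"),
    ("2010-08-19T08:15:00+00:00", "win-srv-01", "EventID=4720 user account created name=svc_tmp"),
]


def demo(tamper=False):
    """Load the sample events, optionally rewrite one, and run the three checks."""
    store = LogStore()
    for ts, src, msg in SAMPLE:
        store.append(ts, src, msg)
    if tamper:
        store.records[2]["msg"] = "config-change rule=42 action=deny"  # rewrite history
    now = datetime(2010, 8, 19, 12, 0, tzinfo=timezone.utc)
    return {
        "chain_broken_at": store.verify(),
        "retention_ok": covers_retention(store, now),
        "unapproved": unapproved_firewall_changes(store, {"RFC-0917"}),
    }


if __name__ == "__main__":
    print(demo())
    print(demo(tamper=True)["chain_broken_at"])
```

The rule only fires on the second firewall event, which carries no ticket; the first is reconciled to its change record. Tampering with a stored record makes verify() return its index, which is the detection the integrity-assured repository exists to provide.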
All NewNetTechnologies software solutions are built using the latest technology, which means they can be fully adapted to suit all business environments. For more information on PCI DSS Compliance view our software solutions on http://www.newnettechnologies.com which provide 100% of the features you need but at a fraction of the cost of traditional solutions.
Article source: http://articlebiz.com