Discussion

kirankumar
risk_ts_pcidssgoals.docx

Main Goals of Payment Card Industry Data Security Standard (PCI DSS)

Main Goals of PCI DSS

· Build and maintain a secure network that is PCI compliant.

· Protect cardholder data.

· Maintain a vulnerability management program.

· Implement strong access control measures.

· Regularly monitor and test networks.

· Maintain an information security policy.

GOAL 1: Build and maintain a secure network that is PCI DSS compliant

All merchants must protect cardholder information by installing a firewall and a router system.

· Install, configure, and maintain a firewall system to keep control over the organization’s network, and use a router device to connect networks; these measures are the basis for becoming a PCI compliant merchant.

· Next, execute the following steps:

  · Perform testing when configurations change.

  · Identify all connections to cardholder information.

  · Review configuration rules every six months.

· Change all default passwords. Default passwords are set when software is installed; they are widely known and can be easily discovered by hackers.

GOAL 2: Protect cardholder data

· Cardholder data is any personal information about the cardholder that is found on the payment card and can never be saved by a merchant.

· Merchants may display at most the first six and last four digits of the primary account number.

· All information must be encrypted when transmitted across public networks, such as the Internet, so that criminals cannot steal the personal information in transit.
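A masking function that enforces the six-and-four display rule above, added here as an example (it is not part of the page's source). It assumes a PAN is 13 to 19 digits long and uses a Luhn check digit test as an extra sanity check; neither the length range nor the Luhn test is stated on the page.

```python
"""PAN display masking for the PCI DSS rule: show at most first six and last four digits."""
import re

# Assumption (not from the page): industry PAN lengths run from 13 to 19 digits.
PAN_MIN_LEN, PAN_MAX_LEN = 13, 19


def luhn_valid(pan: str) -> bool:
    """Luhn check digit test, assumed here as a plausibility check, not a PCI DSS rule."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(raw: str, lead: int = 6, trail: int = 4) -> str:
    """Return the PAN with only the first `lead` and last `trail` digits visible.

    Spaces and dashes common in user input are stripped first. Callers may reveal
    fewer digits than 6/4 but never more; anything else is rejected.
    """
    if not (0 <= lead <= 6 and 0 <= trail <= 4):
        raise ValueError("PCI DSS allows at most the first six and last four digits")
    pan = re.sub(r"[\s-]", "", raw)
    if not pan.isdigit() or not PAN_MIN_LEN <= len(pan) <= PAN_MAX_LEN:
        raise ValueError("input is not a plausible PAN")
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    hidden = len(pan) - lead - trail   # never negative: min length 13 > 6 + 4
    return pan[:lead] + "*" * hidden + pan[len(pan) - trail:]


if __name__ == "__main__":
    # Constructed sample PAN (a well-known test number, not a real card).
    print(mask_pan("4111 1111 1111 1111"))      # 411111******1111
    print(mask_pan("4111-1111-1111-1111", 0, 4))  # ************1111
```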

GOAL 3: Maintain a vulnerability management program

· Computer viruses make their way onto computers in many ways, but mainly through e-mail and other online activities.

· Viruses compromise the security of personal cardholder information on a merchant’s computer, and therefore antivirus software must be present on all computers associated with the network.

· In addition to viruses, computers are also susceptible to breaches through the applications and systems installed on them.

· Merchants must install vendor-provided security patches within a month of their release to avoid exposing cardholder data.

GOAL 4: Implement strong access control measures

· As a merchant, you must limit the accessibility of cardholder information.

· Install passwords and other security measures to limit employees’ access to cardholder data.

· To trace employees’ activities when they access sensitive information, assign each user an unreadable password used to access the cardholder data.

· Monitor physical access to cardholder data; secure printed as well as digital information so that unauthorized persons have no opportunity to retrieve it.

· Maintain a visitor log and save the log for at least three months.

GOAL 5: Regularly monitor and test networks

· Keep system activity logs that trace all activity; review the log daily for security breaches.

· The information stored in the logs is useful in the event of a security breach to trace employee activities and locate the source of the violation.

· Each quarter, use a wireless analyzer to check for wireless access points to prevent unauthorized access.

· Also, scan internal and external networks to identify any vulnerable areas in the system.

· Install software that detects any modification made by unauthorized personnel.

GOAL 6: Maintain an information security policy

· Establish a security policy that covers all PCI DSS compliance requirements, includes annual procedures for recognizing security breaches, and sets out day-to-day security policies.

· Perform background checks on potential employees and educate new and current employees about the compliance regulations.

Additional Information

· To become PCI compliant, you need to complete a questionnaire. This questionnaire consists of yes-or-no questions about your current processing service practices.

· Ensure all of your personal identification number (PIN) entry devices are PCI compliant.

· Merchants must install certified PCI compliant payment software on their terminal.

Reference: http://www.pcifree.com/pci-dss.html (URL last verified 2014-06-18)

© 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com