Compliance News Letter

Credit card companies are requiring their acquirers to certify that all merchants and all processors meet PCI-DSS requirements. If you are using a payment application, it had better be on the PCI-DSS compliant list, and your web server had better be PCI-DSS compliant. With the first hard deadline for compliance with the Payment Card Industry's (PCI) Data Security Standard (DSS) just around the corner, merchants are ramping up efforts to get their houses in order. Many level three (20,000 to 6,000,000 transactions per year) and level four merchants (fewer than 20,000 transactions per year) have not complied and may miss the next deadline and be fined.

PCI-DSS Compliance Kit Helps Level 4 Merchants

Credit Card Companies aim to secure cardholder data wherever it resides, requiring that members, merchants, and service providers maintain the highest information security standards. While the threshold for PCI compliance is only a minimum standard, businesses recognize that failure to meet PCI requirements can lead to both financial penalties and long-term damage to customer trust and brand equity.

PCI requirements maintain that companies shall encrypt data at rest, which is a challenging and expensive endeavor for most retailers to undertake.  The PCI DSS security requirements apply to all "system components." A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.

The PCI-DSS Compliance Kit aids level 4 merchants with infrastructure tools that address issues all of these merchants face.

  • PCI-DSS Coordinator - With the onset of the new compliance requirements, Level 4 merchants need to have one point of contact for all of the issues associated with meeting the requirement.
  • e-Commerce, wireless, and Internet personnel - The PCI-DSS standard hits all of these areas, and the personnel involved need to understand the new responsibilities that they have.
  • Formal Security Audit Program - With the onset of the mandated requirement, a formal audit program is required of even the smallest merchant.
  • Security Policies and Procedures - Structure and rules are required, and many Level 4 merchants do not have the infrastructure in place to address these issues directly.

PCI-DSS Compliance Kit


Internet and IT Job Descriptions Released

The Internet and IT Position Descriptions HandiGuide® has just been updated and is over 600 pages, including sample organization charts, a job progression matrix, and 220 Internet and IT job descriptions. The book also addresses the Fair Labor Standards Act and the ADA, and is in a new, easier-to-read format.

The 220 positions include all of the functions within the IT group. The Job Descriptions have been updated to be compliant with PCI-DSS, Sarbanes-Oxley, HIPAA, and the ITIL standards. The job descriptions are all structured to focus on "Best Practices" as defined by the IT Productivity Center to meet the requirements of World Class Enterprises. They are ready to use and easily modified to meet your enterprise's unique requirements.

  • Chief Information Officer (CIO)
  • Chief Information Officer (CIO) - Small Enterprise
  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • Chief Technology Officer (CTO)
  • Director Electronic Commerce
  • Director Sarbanes-Oxley Compliance
  • Manager Data Security/Special Project Supervisor
  • Disaster Recovery Coordinator
  • Internet/Intranet Administrator
  • Manager Metrics
  • Metrics Measurement Analyst
  • Manager Wireless Systems
  • Webmaster
  • PCI-DSS Coordinator
  • Programmer
  • Object Programmer
  • Unix System Administrator
  • Windows System Administrator