Payment
Card Industry (PCI) Data Security Audit Program

It is estimated that the cost of a credit card
security breach is between $90 and $305 per compromised record. While
the threshold for PCI compliance is only a minimum standard, businesses
recognize that failure to meet PCI requirements
can lead to both
financial penalties and long-term damage to customer trust and brand
equity.
PCI requirements maintain that companies shall encrypt data at rest,
which is a challenging and expensive endeavor for most retailers to
undertake.
The PCI DSS security requirements apply to all
“system components.” A system component is defined as any network
component, server, or application that is included in or connected to
the cardholder data environment. The cardholder data environment is that
part of the network that possesses cardholder data or sensitive
authentication data. Network components include but are not limited to
firewalls, switches, routers, wireless access points, network
appliances, and other security appliances. Server types include, but are
not limited to the following: web, database, authentication, mail,
proxy, network time protocol (NTP), and domain name server (DNS).
Applications include all purchased and custom applications, including
internal and external (internet) applications.


This program is specific to the required annual PCI audit. Included in the standard audit program are two policies (one
paragraph long) which need to be implemented to meet PCI DSS security
requirements. The policies are for "Sensitive Data" and "Record
Management (Retention and Disposition)" --the ones provided in the
standard package are shorthand versions of the full polices
contained in other Janco products which are available individually or in
the premium and gold versions of the PCI Audit program.
Both the Premium Version and the Gold Version include copies of
Cornerbowl Software's award winning product Network Event Viewer.
The table below shows what is included in each of the three versions
of the PCI Audit Program:
|
Component |
Standard |
Silver
Save 20% |
Gold
Save 25% |
Platinum
Save 30% |
|
PCI Audit Program - 62 pages |
X |
X |
X |
X |
|
Network Event Viewer - Manage 20 computers |
|
X |
|
|
|
Network Event Viewer - Manage 50 computers |
|
|
X |
|
|
Network Event Viewer - Manage an unlimited number of
computers |
|
|
|
X |
|
Sensitive Information Policy -
31 Pages |
|
X |
X |
X |
|
Record Management -
Retention & Disposition Policy - 38 Pages |
|
X |
X |
X |
|
Security Manual Template -
Over 255 pages |
|
|
X |
X |
|
Backup Policy - 10 Pages |
|
|
X |
X |
|
Security Audit Program - 400
Tasks |
|
|
|
X |
|
Disaster Recovery / Business
Continuity Audit Program - 13 pages |
|
|
|
X |

|