Newly released statistics show Visa making strong progress in driving Payment Card Industry security compliance. But other card brands' compliance efforts, and PCI Security Council communications, still need improvement.
No matter how large or small your business is, if you accept credit, debit or payroll cards from American Express, Discover, MasterCard and/or Visa, you must meet the PCI Data Security Standard (PCI DSS). These preventive controls protect cardholders from security breaches that could lead to identity theft and card fraud. If you do not meet the standard as required by your contract, you can be fined and/or sanctioned by the card brand and/or your acquiring bank.
IT Governance Infrastructure, Strategy, and Charter Template Released - PCI-DSS Compliant
With the spread of technology into every facet of the day-to-day business environment, an enterprise needs to define an effective infrastructure to support its operating environment, have a strategy for deploying that technology, and clearly define responsibilities and accountabilities for its use. Defining the optimal IT infrastructure is a critical task that can no longer wait, given the changes to the operating environment mandated by PCI-DSS, HIPAA and Sarbanes-Oxley. The template helps you:
- Understand and explain what infrastructure is, enabling the enterprise, its constituents, and the executive team to manage the technology environment more effectively.
- Analyze the current state of the infrastructure so the enterprise knows where it works well and where to focus improvement efforts.
- Justify infrastructure spending, using the template's comprehensive definitions and ready-to-use examples to link IT infrastructure to the enterprise's bottom line.
- Prioritize resources with prescriptive tools that let the enterprise focus its efforts.
The template includes:
- IT Infrastructure, Strategy, and Charter Summary
- Strategy and Charter Statement of Authority
- IT Management Structure
- Personnel Practices
- Application Development Standards
- Service Requests
- Local Area Network
- Back-up and Recovery
- Disaster Recovery Plan
- Access Control - Physical Site
- Access Control - Software and Data
- Facility Requirements
- ISO 27001 & ISO 27002 Audit Checklist
- HIPAA Audit Program
- Full Job Description for CIO large enterprise
- Full Job Description for CIO small enterprise
PCI-DSS Compliance Kit Helps Level 4 Merchants
The card brands aim to secure cardholder data wherever it resides, requiring that members, merchants and service providers maintain strong information security controls. While PCI compliance is only a minimum standard, businesses recognize that failing to meet PCI requirements can lead to financial penalties as well as long-term damage to customer trust and brand equity.
PCI DSS requires that stored cardholder data (the primary account number in particular) be rendered unreadable, which in practice usually means encrypting data at rest; this is a challenging and expensive undertaking for most retailers.
The PCI DSS security requirements apply to all "system components." A system component is any network component, server or application that is included in, or connected to, the cardholder data environment. The cardholder data environment is the part of the network that stores, processes or transmits cardholder data or sensitive authentication data; anything connected to it is in scope. Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances and other security appliances. Server types include, but are not limited to, web, database, authentication, mail, proxy, network time protocol (NTP) and domain name system (DNS) servers. Applications include all purchased and custom applications, both internal and external (Internet-facing).
The PCI-DSS Compliance Kit aids Level 4 merchants with infrastructure tools that address issues all of these merchants face:
- PCI-DSS Coordinator - With the introduction of the new compliance requirements, Level 4 merchants need a single point of contact for all issues associated with meeting them.
- e-Commerce, wireless and Internet personnel - The PCI-DSS standard affects all of these areas, and the personnel involved need to understand the new responsibilities they have.
- Formal Security Audit Program - With the mandated requirement in force, a formal audit program is required of even the smallest merchant.
- Security Policies and Procedures - Structure and rules are required, and many Level 4 merchants do not have the infrastructure in place to address these issues directly.