PCI DSS
Erin Carrick
What is PCI DSS?
Payment Card Industry Data Security Standard
Also known as: PCI compliance
History
December 2004
Major Players:
Visa, MasterCard, American Express, Discover, JCB
Each had its own security standards
Problem: Credit card fraud caused by merchants failing to secure cardholder information
Goal: Get the card companies to standardize security measures on a global scale
History
Standardization of Credit Card Data Security
Essentially a checklist of technical/operational standards
Periodic review; version 2.0 as of October 2010.
Video: http://www.youtube.com/watch?v=1boEXDVkKjU&feature=relmfu
Motivation
Ideally, if all requirements are met, breaches will be practically impossible.
Many security experts believe this to be true.
“No compromised entity has been found to be in compliance at the time of the breach.”
Why do we care?
80% of Americans own credit cards
million credit cards in .
Millions of dollars lost each year due to fraud
Protecting Personal Information
Protecting Others' Information
Overview
PCI Requirements
Difficulties of Compliance
Controversial Issues
Does compliance mean security?
Is it possible to always be compliant?
Is PCI just for credit card company profit?
PCI: A “Simple” 6-Step Security Standardization Process
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
Slightly more complicated...
...and even more complicated.
Example: Step 1 – Install and Maintain Firewall
Actually 28 steps total...
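What "install and maintain a firewall" looks like in practice, as an added example that is not part of the original slides: a default-deny nftables ruleset for a gateway host in front of a cardholder data environment (CDE). The address ranges (CDE_NET, ADMIN_NET, DB_HOST) and the allowed ports are assumptions chosen for illustration; a real deployment would take them from the documented network diagram the requirement also asks for.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the slides. Segments an assumed CDE behind a
# default-deny policy: only listed flows pass, everything else is logged and dropped.
flush ruleset

define CDE_NET   = 10.20.0.0/24      # assumed cardholder data environment
define ADMIN_NET = 10.99.0.0/24      # assumed admin / jump-host segment
define DB_HOST   = 10.20.0.10        # assumed database holding card data

table inet pci_edge {
    chain input {
        type filter hook input priority 0; policy drop;    # default deny inbound
        ct state established,related accept                # replies to allowed traffic
        ct state invalid drop
        iif lo accept
        ip saddr $ADMIN_NET tcp dport 22 accept            # SSH only from the admin segment
        tcp dport 443 accept                               # public HTTPS front end
        log prefix "pci-edge-drop: " drop                  # record what the policy rejects
    }
    chain forward {
        type filter hook forward priority 0; policy drop;  # nothing crosses segments unless listed
        ct state established,related accept
        ip saddr $CDE_NET ip daddr $DB_HOST tcp dport 5432 accept   # app tier to database only
        ip saddr $CDE_NET ip daddr != $CDE_NET drop        # CDE hosts may not initiate outbound
        log prefix "pci-fwd-drop: " drop
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f` and verify with `nft list ruleset`; the logged drop prefixes are what a reviewer would pull from the logs to confirm that unlisted traffic is actually being denied rather than silently passing.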