Regulatory Compliance, Governance and Security

Feb 14 2009   1:52PM GMT

Payment Card Industry (PCI) Compliance | Much More than just I.T.



Posted by: Charles Denyer
Tags:
payment card industry data security standards (PCI DSS)
PCI DSS
pci dss 1.2
pci dss policies and procedures
pci readiness assessment
qualified security assessor (QSA)
requirement 12: Maintain a policy that addresses information security

That’s right. Payment Card Industry (PCI) compliance is much more than just I.T. and all the surrounding hardware and software components that make up the “system components” within the cardholder environment. I’ve just recently finished up a PCI Readiness Assessment for a client on the West Coast and guess what happens to be there most significant and time consuming remediation activity? The writing of documented policies and procedures for numerous requirements as set forth and promulgated by the PCI DSS v.1.2 standards. That’s right, they can be painstaking, arduous, and time consuming. Even worse, most I.T. security professionals really do not like to consume themselves with this daunting task.

So remember, when you are are all caught up in the PCI game and you are so focused on routers, switches, load balancers, and other network and system devices, make sure you focus on the much needed policies and procedures that are sprinkled throughout the PCI DSS requirements. My advice, hire a seasoned Qualified Security Assessor (QSA) to write them for you, you’ll be glad you did.

And if you don’t believe me, take a look at Requirement 12: Maintain a Policy that Addresses Information Security.

To learn more about Payment Card Industry (PCI) compliance, visit pciassessment.org

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: