The PCI DSS - Implementing Strong Access Control Measures
Data security cannot be ignored in today's business environment. A customer's personal information is a valuable commodity, and customers are increasingly going to demand high levels of security and protection. So the question is: are you able to provide it?

The PCI DSS was created by the five major credit card companies as a measure and standard that all merchants who store, process, or transmit cardholder data must conform to. There are 12 requirements in the PCI DSS, and all of them deal with security in one form or another, but three of them are specifically about strong access control measures.

Requirement 7 states that you must restrict access to cardholder data by business need-to-know. In other words, only authorized personnel should have access to this sensitive information. In practical terms, you must limit access to computing resources and cardholder data to those people whose jobs require it. Obviously, the more people who have access to a system full of cardholder data, the more likely it is that someone with malicious intent, or even with dangerously inadequate training, can get to it.

A merchant must also include a mechanism on systems with multiple users that restricts access to need-to-know. In other words, your system should be set to "deny all" unless access is explicitly granted.

Requirement 8 is a little more involved. It requires you to assign a unique ID to each person with computer access. This ensures that any actions taken on critical systems are performed by authorized employees and, more importantly, can be traced to those users.

More specifically, every employee must have their own ID; they cannot share a single ID between them. There must also be a password, token device, or biometric along with the ID to authenticate the user. Passwords must be encrypted in storage and in transit.

User IDs require a whole other layer of management to make sure they remain safe. Access control measures have to be exactly that thorough; you can't go just halfway when it comes to data security. When you manage passwords, you must control the addition, deletion, and modification of user IDs. Always verify the user's identity before modifying a password; set first-time passwords to a unique value for each user and require that they be changed after first use. Immediately remove access for terminated users, and remove any accounts that have been inactive for more than 90 days. Accounts for remote maintenance should be active only during the period when they are needed, and you must not use group, shared, or generic accounts and passwords.

This is really just the beginning, but don't get overwhelmed. All these procedures are extremely important, and they are also relatively easy to maintain once they have been put into place.

Requirement 9 states that you must restrict physical access to cardholder data. If someone can physically access cardholder data, they can remove the systems or hard copies that contain it. There are a lot of restrictions here as well: a merchant must also restrict access to publicly accessible network jacks and wireless access points.

Visitors can become a problem if you're not paying attention. A visitor who is not authorized to be there, and who is also ignored while there, can cause a lot of problems. Visitors must be authorized to be in specific areas (where data is stored), or given a specific token that expires after a certain amount of time. You should also store media backups in secure locations; off-site would be a good choice. Any paper and other hard copies need to be secured in safe locations as well.

Possibly the most important thing to remember is that you must destroy everything that contains this sensitive information when you no longer need it.

PCI compliance can be a tricky and time-consuming process, but the importance of the PCI DSS should not be underestimated. Data security is quickly becoming one of the most important aspects of a merchant's continued success.
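The Requirement 7 and 8 practices described above (deny-all access by need-to-know, one named person per ID, no shared or generic accounts, prompt removal of terminated users, removal of accounts inactive for more than 90 days, changed first-use passwords, and remote-maintenance accounts enabled only during their window) are the kind of thing a periodic access review can check mechanically. The following Python script is an added example, not code from the original article or from the PCI Security Standards Council; the inventory fields, role names, system names and sample accounts are all assumptions constructed for the example.

```python
# Added example (not from the original article): an account-hygiene review
# checking a constructed user inventory against the practices the article
# lists for PCI DSS Requirements 7 and 8. Field names, role names, system
# names and the sample accounts are all assumptions made for this example.
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

INACTIVITY_LIMIT_DAYS = 90   # accounts idle longer than this are flagged for removal

# Need-to-know allowlist (Requirement 7): which roles may reach which
# cardholder-data systems. Anything not listed here is denied ("deny all").
ROLE_ACCESS = {
    "payment-ops": {"pos-db", "settlement-app"},
    "dba": {"pos-db"},
    "vendor-maint": {"settlement-app"},
}


@dataclass
class Account:
    user_id: str
    owner: Optional[str]             # None means a shared/generic account with no named person
    role: str
    enabled: bool
    terminated: bool                 # HR says this person has left
    last_login: Optional[date]       # None if the account has never been used
    must_change_password: bool       # still on its unique first-use password?
    systems: set = field(default_factory=set)   # systems the account can actually reach
    maint_window: Optional[tuple] = None        # (start, end) dates for remote-maintenance accounts


def allowed_systems(role):
    """Default deny: an unknown role is allowed nothing."""
    return ROLE_ACCESS.get(role, set())


def review_account(acct, today):
    """Return the list of Requirement 7/8 findings for one account (empty if clean)."""
    findings = []
    if acct.owner is None:
        findings.append("shared-or-generic-id")
    if acct.terminated and acct.enabled:
        findings.append("terminated-user-still-enabled")
    if acct.enabled and acct.last_login is not None:
        if (today - acct.last_login).days > INACTIVITY_LIMIT_DAYS:
            findings.append("inactive-over-90-days")
        if acct.must_change_password:
            # The user has logged in at least once but never replaced the first-use password.
            findings.append("first-use-password-not-changed")
    excess = acct.systems - allowed_systems(acct.role)
    if excess:
        findings.append("access-beyond-need-to-know:" + ",".join(sorted(excess)))
    if acct.maint_window is not None and acct.enabled:
        start, end = acct.maint_window
        if not (start <= today <= end):
            findings.append("maintenance-account-enabled-outside-window")
    return findings


def review_inventory(accounts, today):
    """Map each user ID to its findings."""
    return {a.user_id: review_account(a, today) for a in accounts}


def noncompliant_ids(accounts, today):
    """Sorted user IDs that have at least one finding."""
    return sorted(uid for uid, f in review_inventory(accounts, today).items() if f)


# Constructed sample inventory; the review date is fixed so results are reproducible.
TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("alice", "Alice Example", "payment-ops", True, False, date(2024, 5, 30), False,
            {"pos-db", "settlement-app"}),
    Account("bob", "Bob Example", "dba", True, True, date(2024, 1, 15), False, {"pos-db"}),
    Account("posadmin", None, "payment-ops", True, False, date(2024, 5, 31), False, {"pos-db"}),
    Account("carol", "Carol Example", "dba", True, False, date(2024, 5, 20), True,
            {"pos-db", "settlement-app"}),
    Account("vendor1", "Acme Support (vendor)", "vendor-maint", True, False, None, False,
            {"settlement-app"}, (date(2024, 6, 10), date(2024, 6, 12))),
]

if __name__ == "__main__":
    for uid, findings in review_inventory(SAMPLE_ACCOUNTS, TODAY).items():
        print(f"{uid:10s} {'OK' if not findings else '; '.join(findings)}")
```

The allowlist is the point of the design: access is computed as "what the role is granted" and anything the account can reach beyond that is a finding, which is the "deny all unless stated" posture the article describes. In a real review the inventory would come from the identity directory and HR feed rather than from a hand-built list, but the checks stay the same.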