Lessons Learned: Top Reasons for PCI Audit Failure and How To Avoid Them

To address this need, PricewaterhouseCoopers has developed the Hub and Spokes Resource Model™. The Hub and Spokes Resource Model assumes that certain core internal audit resources and capabilities will remain resident within the company. This “hub” provides internal audit with the leadership, continuity and experience that are unique to your organisation. The “spokes” in the model represent elements of a possible cosourcing relationship. In the example below, the core team would call upon the capabilities of a cosourcing partner to provide the resources necessary to audit unique, complex or specialty areas such as information security, SAP system controls, Sarbanes-Oxley Act compliance, fraud investigation and business continuity planning.

WHITE PAPER
Lessons Learned: Top Reasons for PCI Audit Failure and How To Avoid Them
VeriSign Global Security Consulting Services

CONTENTS
Top Reasons Customers Fail PCI Audits
Compromise Trends
Correlating Audit Failures and Compromise Trends
Practical Tips: What You Can Do Better
Store Less Data
Understand the Flow of Data
Encrypt Data
Address Application and Network Vulnerabilities
Improve Security Awareness and Training
Monitor Systems for Intrusions and Anomalies
Segment Credit Card Networks and Control Access to Them
Future Considerations
Glossary
For More Information

Since Visa mandated the Cardholder Information Security Program (CISP) in June 2001 and MasterCard introduced the new Site Data Protection (SDP) program in June 2004, many merchants, processors, and acquiring banks have been working diligently to meet their specific requirements. Today's Payment Card Industry Data Security Standard (PCI DSS), which combines requirements of the Visa and MasterCard programs, prevails as one of the most preeminent achievements in the information security industry.
However, many merchants and service providers are struggling with the increased complexity associated with the PCI Data Security Standard. Although the drive to protect credit card data is vital, many companies have yet to implement the technology and processes needed to address the standard's specific requirements. Even companies that have welcomed the standards are discovering holes in their PCI compliance strategy. As a leading provider of PCI assessments and supporting security services, the VeriSign Global Security Consulting team has performed several hundred PCI assessments since the program's inception. The requirement failures and actual compromises that we have observed during these assessments exhibit common themes. This paper identifies proven tactics that help companies achieve PCI compliance
