Sunday, November 22, 2009

Lessons Learned From PCI Compliance

Assessors reveal mistakes companies make with data security standard.
Whether you think PCI is a useful standard that makes our credit card data safer or a credit card industry whitewash that merely creates the illusion of security, PCI compliance is a fact of life.

As part of PCI compliance, companies that process a high volume of credit card transactions must submit to an annual assessment by a qualified security assessor, or QSA. For example, Visa requires it of merchants that process 6 million or more transactions. Assessors work for third-party organizations and generally visit companies to examine their processes and determine whether they comply with PCI rules.


To help companies get ready for an evaluation, we asked QSAs to describe common problems they encounter when working with IT groups on PCI compliance. What follows are five best practices to help companies better prepare for an assessment and maintain compliance. (Information Week)
