Industry View
Payment Card Industry Compliance
Ignoring the PCI Data Security Standard is risky business. Here's how you can prepare for compliance.
By Joan Herbig
How Can I Prepare?
Preparing for a PCI audit or assessment can be a time-consuming and costly process, but there are ways to ease the pain. The first step is to consider what cardholder data is being stored on your network, where, and how much of it there is. Ask yourself this question: Is all the data you store really necessary? Every system that stores, processes or transmits cardholder data is in scope for the assessment, so data you stop storing is scope you no longer have to defend. Next, make sure that you have visibility into the information systems and data an outside auditor will need. And test yourself: go through the review process yourself as a pre-assessment to see how well you fare.
Finally, identify how outside organizations can help you meet requirements, but vet their services carefully. Companies should shop around carefully when choosing an outside firm to perform quarterly network scans, for instance, advises Pamela Mallett, one of the creators of the original Visa standard and CEO of Securitrice Associates. The services these firms offer and the fees they charge vary a lot. Having a clear idea of the service you need to be PCI compliant can lead to significant savings.
Third-party software can also significantly reduce the time and cost associated with maintaining, demonstrating and enforcing PCI compliance. For instance, agentless software can automate the inspection and analysis of network asset configurations relative to PCI compliance, and real-time compliance reporting can reduce the time necessary to prepare for a PCI audit or assessment.
Embracing the PCI standard may sound like a big task, and you may wonder if it's even necessary for your business. However, before you fill up your dance card with other priorities, consider this: As of now, there is no known case of a PCI-compliant network being compromised. Further, should an incident occur that threatens the safety of data stored on your systems, as long as you can demonstrate PCI compliance, you are likely to be safe from penalties and other embarrassing consequences. Keep in mind that compliance is validated at a point in time; a network that passed its last assessment can drift out of compliance as systems change, so that protection depends on keeping the controls in place between assessments, not just on the day of the audit.
Resources
You will find a more detailed description of the PCI program as well as a host of useful downloads here.
Joan Herbig is president and CEO of Cambia Security, a security policy enforcement provider. Prior to Cambia, she was CEO of XcelleNet, which was acquired by Sybase in 2004. In 2001 she was named Woman of the Year in Technology by the Technology Association of Georgia.