Tuesday Sep 26

Posts Tagged ‘PCI DSS’

An SMB Guide to Credit Card Regulations: Part II- The Low-Hanging Fruit- Networks and Users [Dark Reading]
Last Updated on Wednesday, 3 November 2010 10:04
Written by jj
Wednesday, November 3rd, 2010

The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It’s a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I’ve boiled it down here to help small to midsize businesses get started.The official document is about 15 pages of an organized chart, outlining tasks and subtasks as they relate to the PCI DSS requirements and the six primary milestones of the Prioritized Approach document. Those six milestones and goals are:

1: Remove sensitive data and limit data retention
2: Protect the networks
3: Secure payment card software applications
4: Monitor and control access to your systems
5: Protect stored cardholder data
6: Finalize remaining compliance efforts, and ensure controls are in place to meet the rest of the PCI DSS requirements.

Instead of regurgitating the dozen or so pages of itemized tasks, I thought it would be more useful to identify a set of specific tasks for small businesses to address, by category. Each task relates to one or more milestones in the Prioritized Approach and helps achieve one or more of the PCI DSS requirements.


Read the entire article at Dark Reading

# # #

Tags: , ,   |  Posted under SMB, White Papers & Guides  |  Comments  No Comments
An SMB Guide to Credit Card Regulations: Part I- PCI DSS Q&A [Dark Reading]
Last Updated on Thursday, 21 October 2010 01:54
Written by jj
Thursday, October 21st, 2010

This article is the first in a short series designed to help small businesses understand the regulations around securing credit card transactions, specifically the PCI DSS (Payment Card Industry’s Data Security Standard) requirements.

In an effort to provide the most tangible information, I’ve consulted with a Qualified Security Assessor (QSA). Portions of content and resources in this series have been contributed by trusted security colleague, Martin McKeay, QSA and host of the Network Security Podcast.

Let’s jump right in and start looking at some of the most intriguing questions surrounding the PCI DSS requirements, as they apply to smaller businesses.

Read the entire article at Dark Reading

# # #

Tags: , ,   |  Posted under SMB  |  Comments  No Comments

More Content

Find more of my content at
- Low Tech Hacking book
- Dark Reading
- Network Computing
- SearchSecurity
- TechTarget

Get Social



Enter your email address:

Delivered by FeedBurner