Other Key points for PCI compliance

Story: Instituting 'Defense in Depth' for PCI Compliance on a Linux Platform Total Replies: 1
Author Content
dthacker

Apr 24, 2011
10:13 AM EDT
Things the author left out -Know where your cardholder data lives. Make sure every connection to that system is actually needed. -Make sure your cardholder data is not getting moved to insecure systems. -Educate your user community on the consequences of a breach. -Monitor and audit your system configuration rigorously. -Have and use a change control methodology.

Dave





gus3

Apr 24, 2011
2:59 PM EDT
Quoting:Educate your user community on the consequences of a breach.
Including the clear, unqualified statement that anyone found guilty of abusing access to information will be handed over to the law enforcement authorities, no exceptions.

Preferably followed by a demand for direct affirmation of same, from the one or two audience members who have that "I really have better ways to spend my time" look on their faces. They don't have better ways to spend their time. Call them out on their lackadaisical attitude, and make it clear that such an attitude has no place in dealing with confidential information.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!