Other Key points for PCI compliance
Author | Content |
---|---|
dthacker Apr 24, 2011 10:13 AM EDT |
Things the author left out
- Know where your cardholder data lives. Make sure every connection to that system is actually needed.
- Make sure your cardholder data is not getting moved to insecure systems.
- Educate your user community on the consequences of a breach.
- Monitor and audit your system configuration rigorously.
- Have and use a change control methodology.

Dave |
gus3 Apr 24, 2011 2:59 PM EDT |
Quoting: Educate your user community on the consequences of a breach.

Including the clear, unqualified statement that anyone found guilty of abusing access to information will be handed over to the law enforcement authorities, no exceptions. Preferably followed by a demand for direct affirmation of same, from the one or two audience members who have that "I really have better ways to spend my time" look on their faces. They don't have better ways to spend their time. Call them out on their lackadaisical attitude, and make it clear that such an attitude has no place in dealing with confidential information. |