This is the eighth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. To view the previous blog posts in this series, please follow the links below:
PCI Requirement 1 - Defending the Wall
PCI Requirement 2 - Change Your Defaults!
PCI Requirement 3 - Don't Store Cardholder Data!
PCI Requirement 4 - Hide in Plain Sight!
PCI Requirement 5 - Update and Scan
PCI Requirement 6 - Patches and Scanning and Coding, Oh My!!
PCI Requirement 7 - Thou Shall Not Pass!
PCI requirement 8: Identify and authenticate access to system components
This is the seventh blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. For links to the previous posts in this series, use the links below:
PCI Requirement 1 - Defending the Wall
PCI Requirement 2 - Change Your Defaults!
PCI Requirement 3 - Don't Store Cardholder Data!
PCI Requirement 4 - Hide in Plain Sight!
PCI Requirement 5 - Update and Scan
PCI Requirement 6 - Patches and Scanning and Coding, Oh My!
PCI Requirement 7: Restrict access to cardholder data by business need to know
Requirement 7 kicks off the access control portion of your PCI Compliance program. There are some fundamentals that need to be kicked around before we dig into some of the challenges companies face. The 2 principles related to access controls that we are going to cover are:
Hackers, Ransomware, and denial of service attacks get all of the attention when it comes to Information Security. However, you will quite often hear IT Security personnel state that the biggest threat to an organization is from within. With this in mind, if an organization’s biggest threat is its own employees, what can be done about this as an organization to mitigate risks associated with employees?
This is the sixth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process.
To view the previous posts in this series, follow the links below:
PCI Requirement 1 - Defending the Wall
PCI Requirement 2 - Change Your Defaults!
PCI Requirement 3 - Don't Store Cardholder Data!
PCI Requirement 4 - Hide in Plain Sight!
PCI Requirement 5 - Update and Scan
PCI requirement 6: Develop and Maintain Secure Systems and Applications
Requirement 6 joins the previous requirement in and around Anti-virus/Anti-Malware within the Vulnerability Management program section of the PCI requirements. This requirement will help you build a vulnerability management program that will ensure the development and maintenance of secure systems and applications. Patching and vulnerability scanning are critical components to this PCI requirement as it means there are some tools that need to be involved. Below I will discuss some challenges companies face when trying to meet this requirement. If your organization does application development for your PCI environment, there are a number of different pieces requirement 6 will make you comply with. These include formal software development procedures, formal code testing and deployment, as well as ensuring your developers are up-to-date on their secure coding techniques. These pieces of the program are not one and done, these are ongoing and fundamental to the PCI world you may live in.