PCI Security Standards Council Issues Guide
Information-Security-Resources.com would like to publicly recognize the ongoing accomplishments of the PCI Security Standards Council, and applaud their efforts in adopting key announcement pre-briefings. Good luck Lib.
Hi Anthony,
In the last year, data security and the prevention of massive breaches like the Heartland breach have got everyone thinking about the security of credit card transactions.
I wanted to check in and see if you were available to meet with the new chair of the PCI Security Standards Council, Lib de Veyra. The chair of the Council rotates on an annual basis and as of January 1st, Lib de Veyra, vice president, emerging technologies at JCB International, and member of the Council’s Executive Committee will be leading the group. He would be available to bring you up to speed on:
· what’s on the horizon for global payment data security in 2009
· new training courses for merchants to understand the assessment process
· an update on emerging technologies, and how they are interpreted by the Council
· new devices falling under the PED security requirements
In addition to the above, we would like to share with you an announcement the Council will be making that directly affects how merchants prioritize their approach to data security.
I wanted to make sure this was in your calendar… Lib is looking forward to speaking with you. He’ll discuss the Council’s goals and priorities for 2009, as well as have a discussion with you about a new framework the Council developed called the Prioritized Approach. The Prioritized Approach is being announced officially tomorrow. Below is the draft press release, in advance of your call with Lib.
-Excerpt from communique sent to ISR on behalf of the PCI Security Standards Council
************************************************************
“With strong partnerships and alliances we can change the future of IT Security, Data Privacy and Public Policy. I would personally like to thank our long time trusted friends at the PCI Standards Council for keeping our team at Information Security Resources briefed on significant standards that can only continue to strengthen the financial industry. Personal ‘shout out’ to Bob!”
- Kevin M Nixon, MSA, CISSP, CISM, CGEIT
***********************************************************
PCI SECURITY STANDARDS COUNCIL LAUNCHES NEW RESOURCE TO GUIDE MERCHANTS TO PCI DATA SECURITY STANDARD COMPLIANCE
Prioritized Approach framework helps merchants focus PCI Data Security Standard implementations through six security milestones
WAKEFIELD, Mass., Mar. 3, 2009 — The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today released a new resource to promote card data security through adoption of the PCI DSS. The Prioritized Approach framework helps merchants identify highest risk targets, create a common language around PCI DSS implementation efforts and demonstrate progress on the compliance process to key stakeholders.
The Prioritized Approach framework was created to help merchants who are not yet fully compliant with the PCI DSS understand and reduce risk while on the road to compliance. Comprised of six security milestones outlined below, the tool focuses on best practices for protecting against the highest risk factors and escalating threats facing cardholder data security:
· Milestone One: If you don’t need it, don’t store it
· Milestone Two: Secure the perimeter
· Milestone Three: Secure applications
· Milestone Four: Monitor and control access to your systems
· Milestone Five: Protect stored cardholder data
· Milestone Six: Finalize remaining compliance efforts, and ensure all controls are in place
“Securing cardholder data is the ultimate priority and following the PCI DSS is the best way to achieve this. The Prioritized Approach framework will help stakeholders understand where they can act to reduce risk earlier in their journey towards PCI compliance,” said Bob Russo, general manager, PCI Security Standards Council. “The launch of these new guidance and interactive documents are another step by the Council to increase understanding of and education around PCI DSS among merchants, providing them with insight into how they can protect card holder data faster and demonstrate progress and compliance with the PCI DSS.”
The Prioritized Approach framework is comprised of a reference document and simple to use, downloadable worksheet that allows merchants to sort specific PCI DSS requirements by Prioritized Approach milestones. Both tools are available on the Council website.
The Prioritized Approach was compiled after considering actual data compromise events, feedback from Qualified Security Assessors (QSAs) and forensic investigators and input from the PCI SSC Board of Advisors. The guide gives practical suggestions on how to approach compliance with PCI DSS to create the most immediate impact on card data security in a merchant’s environment. The Prioritized Approach also creates a common language to improve communication around compliance progress between merchants, QSAs, acquiring banks and card brands.
Educational webinars to provide insight and information on how to utilize the Prioritized Approach framework will be held on Wednesday, March 18th at 11:30am and 7:30pm ET. Register at http://register.webcastgroup.com/event/?wid=0800318094557 (11:30 am ET Webinar) or http://register.webcastgroup.com/event/?wid=0800318094558 (7:30 pm ET Webinar).
For More Information:
For more information about the PCI Security Standards Council or to become a Participating Organization please visit pcisecuritystandards.org, or contact the PCI Security Standards Council at info@pcisecuritystandards.org.
About the PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by fostering broad adoption of the PCI Data Security Standard and other standards that increase payment data security.
The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Applications Data Security Standard (PA-DSS). Merchants, banks, processors and point of sale vendors are encouraged to join as Participating Organizations.
Comments
3 Comments on PCI Security Standards Council Issues Guide
- Business & Finance Blogs » Blog Archive » Visa Puts Heartland on Probation Over Security Breach on Fri, 13th Mar 2009 2:58 am
[...] called to the carpet for the apparent lapses in Payment Card Industry Data Security Standards (PCI DSS) that contributed to the largest data breach of 2008, perhaps even the largest breach ever [...]
- Payment Card Industry Swallows Its Own Tail « Your Mortgage or Your Life… on Wed, 1st Apr 2009 11:02 pm
[...] the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal [...]
- Element Payment Services on Thu, 6th Aug 2009 10:44 am
Test your PCI compliance knowledge with our fun and informative PCI Compliance Quiz Widget. If you enjoy it, feel free to cut and paste the script so that you can host it (free of charge) at your blog or website.
Thanks.