PCI DSS and Click&DECiDE

What is PCI DSS?

PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and other security issues. A retailer processing, storing, or transmitting credit card numbers must be PCI DSS compliant or risk losing the ability to process credit card payments.

PCI DSS reflects the combined interests of VISA, MasterCard, Discover, American Express and JCB. These five credit card brands agreed on a common set of security standards. Prior to this, each card brand managed its own set of requirements:

  • MasterCard - Site Data Protection (SDP) Program
  • VISA - Cardholder Information Security Program (CISP) and Account Information Security (AIS)
  • Discover - Discover Information Security and Compliance
  • American Express - Data Security Operating Policies

Merchants and Service Providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA).

 

Click&DECiDE's Solution

Click&DECiDE's PCI Compliance Suite helps your IT staff comply with key mandates of PCI DSS Version 1.1. PCI DSS mandates that an information security policy must be established, published, maintained and disseminated. This policy includes:

  • A process to identify and assess threats, vulnerabilities and risks.
  • A formal annual review and subsequent updates when the environment changes.

Click&DECiDE enables organizations processing credit card transactions to comply with these mandates: to collect and archive data, and to monitor, report and alert on all systems and applications that contain sensitive cardholder data. For example, Click&DECiDE manages the following security events:

  • Security Events:
    • Failed system-level and application-level login attempts
    • Failed access attempts to files or application data
    • IDS/IPS events
    • Exploitation of a system by a virus, worm or an unauthorized individual (hacking)
  • Configuration Changes:
    • Routers
    • Firewalls
    • Hosts
    • Applications
    • Other IT assets that are part of the credit card process
  • Asset Changes:
    • Applications being installed or removed
    • Addition or removal of user and group accounts
  • Service Changes:
    • Vulnerabilities
    • Understanding vulnerabilities resident on an asset


 

Click&DECiDE's Training Workshops

The changes to business processes reflecting the requirements of PCI DSS will bring about important training needs for employees in the business. We can help identify training needs and run subsequent programs for relevant staff, including senior management training explaining their responsibilities.

Improve your understanding of the issues raised by the Internal Controls required by key international regulations that affect the IT function within your organization: Basel II, Sarbanes-Oxley (SOX), SEC 17a-3, a-4, NASD 3010, 3110, PCI DSS, Tabaksblat Code, Lippens Code, La Loi de Sécurité Financière (LSF). Please contact our Senior Consultant, Benoît Rostagni, for more information: benoit.rostagni@clickndecide.com

Our interactive Training workshops cover the related Governing Bodies (PCAOB, AMF...), the key internal control frameworks (COSO, COBIT, ISO/IEC 27002 (17799)) and the relationship and alignment between them. We tailor the content of our workshops to your needs; depending on the range of topics you select, the workshops can range from 1-2 days.

Bringing your company's security up to meet the regulatory standards may require various changes, for example managing the reams of log data in your database and managing your database volumes. We help you store, aggregate and purge your data, decrease your database volumes and easily analyze and report pure business intelligence knowledge in real-time, tailored to each of your department's specific needs. Please contact us to see how we can help you: sales@clickndecide.com


© Copyright 2008. All rights reserved | Net Report