How To Achieve PCI Compliance

A simple step-by-step guide on how your company can achieve PCI compliance.

A Simple Step-by-Step Guide
Preparing For PCI
PCI and similar regulatory compliance standards have evolved over the past few years, and this has led to
much ambiguity as to the nature of an organization’s obligations, and the specific system requirements and
processes that are needed to satisfy such regulations today and for future amendments. This step-by-step
guide removes this ambiguity, and clearly spells out the two main things you need to know:
1. What are my PCI Compliance obligations?
2. What steps are needed to satisfy these obligations?
This guide will help give you a good idea of the processes and technologies you already have in place, and
what needs adding/amending. Compliance need not be a daunting task – indeed, it is an opportunity to bring
your IT technology, security and processes in line with other business-critical sections of your organization,
and make your organization run more efficiently. There are lots of very useful materials available regarding
PCI and security best practices. To help you find this valuable information, here are some useful links that
will come in handy:
pcisecuritystandards.org
ultimatewindowssecurity.com
msdn.microsoft.com
businessweek.com
networkworld.com
honeycomb.co.uk
How Can Honeycomb Lexicon Help Me?
Honeycomb Lexicon helps your team get compliant and stay that way by offering a completely scalable
compliance monitoring solution with unlimited global reach.
Implementation and set up is straightforward without the need to invest in expensive consultancy.
Set up of new devices anywhere in the world can be done with ease from a centralised console.
A simple to set up alert system allows you to configure Honeycomb Lexicon to meet your specific needs.
Using real-time, continuous monitoring, alerting and reporting, Honeycomb Lexicon can alert you to any
issues that occur on your network. Using a huge database of policies and rules, users can customise the
alerting system to suit their needs, no matter where your offices are based.
PCI Compliance – How Best To Begin?
Achieving compliance for your in-scope systems and processes certainly requires a multi-faceted approach
– no single item or technology will give you everything. But this doesn’t mean your compliance project needs
to be daunting or prohibitively expensive. If your organization has been running for a while, it’s likely you
already have many of the compliance procedures and technologies in place. Compliance is a matter of
formalizing and organizing your existing procedures and infrastructure, and in doing so, adding in areas that
are not covered, and, crucially, being able to demonstrate that you have put the correct mechanisms in place.
© Copyright 2015 Honeycomb Technologies Ltd. All Rights Reserved.
PCI compliance is achieved through the following means:
1. Company Processes and Policies
It is crucial to compliance and business success that your organization composes and reviews a viable,
secure set of policies and processes that your entire organization can adhere to, follow and track.
2. Security Devices
These include firewalls, SSL VPN devices, 2-factor authentication technology, encryption technology
and centralized account management.
3. Vulnerability Assessment
Using a vulnerability assessment tool can greatly reduce the time it takes to expose a potential security
hole, thus making your network more secure and easier to manage.
4. Monitoring In-scope Systems
Monitoring includes the use of anti-virus software, as well as system, resource, usage and behaviour
monitoring technology like Honeycomb’s Mesh® and Lexicon™ products.
The Latest Changes to PCI, V3
In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will
be forthcoming to the Data Security Standard (DSS) version 3 – and very soon. The change is related to
vulnerabilities seen with Secure Sockets Layer (SSL) cryptography.
The National Institute of Standards and Technology (NIST) no longer views the Secure Sockets Layer (SSL) v3
protocol as acceptable for protection of data due to inherent weaknesses within the protocol.
We’ve listed below some of the major changes in this release:
Implement additional security features for any required services, protocols, or daemons that are considered to be insecure.
Encrypt all non-console administrative access using strong cryptography.
Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.
For SSL/TLS implementations, examine system configurations to verify that SSL/TLS is enabled whenever cardholder data is transmitted or received.
To learn more, please get in touch via our website, or contact one of our partners below.
UK, Europe & USA
Satisnet Ltd
Tel: (+44) 01582 434320
Email: sales@satisnet.co.uk
Africa & Asia
Zenith Systems
Tel: (+27) (011) 513 3473
Email: sales@zenithsystems.co.za