With all the security issues facing businesses today, there has been an increase in articles offering advice on how to maintain security in this very challenging environment. The Payment Card Industry Data Security Standard (PCI DSS), a set of compliance requirements applying to every business that accepts, processes, stores or transmits cardholder data, can be confusing. Daniel Humphries, managing editor of IT security at Software Advice, a company that reviews IT security software, interviewed me recently for his article on “How to Avoid the Seven Deadly Sins of PCI DSS Failure.” Daniel did an outstanding job identifying where businesses most often fail a PCI assessment and went on to offer advice on how to avoid those mistakes. Here’s the list:
Seven Deadly Sins
1. No Network Segmentation
2. Inadequate Access Controls
3. Sloppy Logging and Monitoring
4. Feeble Firewalls and Rotten Routers
5. Errors of Encryption
6. Really Dumb Passwords
7. Dubious Drafts of Documents
I recommend that anyone responsible for implementing PCI DSS compliance read the entire article.
Based in the Philadelphia area, Jeff VanSickel is a seasoned Information Security Professional with over 20 years’ experience in the areas of Information Security, Information Technology, Audit Compliance, Risk and Project Management. As a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and a certified CISSP and CISM, Jeff is highly knowledgeable about US Federal and State Law (including SOX, HIPAA, GLBA and Breach Law), US Regulations, ISO 27001/27002, NIST, and PCI DSS.