ITCi White Paper: Challenges and Opportunities of PCI

Challenges and
Opportunities
of PCI
Sponsored by:
www.ITCinstitute.comChallenges and Opportunities of PCIThe control framework implicit in the Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for Table of Contentsimproving operational, security, and audit performance. The bene?ts of the PCI DSS go beyond audit costs and results, however. As a secu- 2 Identifying the Challenges of PCIrity model, PCI requirements can help companies control compliance costs and build a more ef?cient and reliable IT infrastructure that 3 The Basics of PCIdelivers better service while incurring less risk. Alignment of business 4 Exploiting the Opportunities and PCI goals ensures that internal security standards remain consis- of PCItent with PCI requirements and that security policies remain relevant and enforced. 5 The Payoffs of Control Frameworks
About the IT Compliance Institute 5 Improve Business Performance The IT Compliance Institute (ITCi) strives to be a global authority with PCI DSS Controlson the role of technology in business governance and regulatory compliance. Through comprehensive education, research, and analysis 6 Measuring PCI Performance Gainsrelated to emerging government statutes and affected business and technology practices, we help organizations overcome the challenges 7 Using PCI Mandates to Improve posed by today's regulatory environment and ?nd new ways to turn Business Operationscompliance efforts into capital opportunities. 8 Suggestions for a Smooth PCI ITCi's primary goal is to be a useful and trusted resource for IT profes- Implementationsionals seeking to help businesses meet privacy, security, ?nancial accountability, and other regulatory requirements. Targeted at CIOs, 10 Solutions for PCI: PCI-Mandated CTOs, compliance managers, and information technology professionals, Monitoring and Change Control ITCi focuses on regional- and vertical-speci?c information that promotes with Tripwire Solutionsawareness and propagates best practices within the IT community.
For more information, please visit: www.itcinstitute.com
All design elements, front matter, and content are copyright © 2007 IT Compliance Institute, a division of 1105 Media, Inc., unless otherwise noted. All rights are reserved for all copyright holders.No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under § 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the copyright holder. Limit of Liability/Disclaimer of Warranty: While the copyright holders, publishers, and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of its contents and speci?cally disclaim any implied warranties of merchantability or ?tness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be usable for your situation. You should consult with a professional where appropriate. Neither the publishers nor authors shall be liable for any loss of pro?t or any other commercial damages, including, but not limited to, special, incidental, consequential, or other damages.All trademarks cited herein are the property of their respective owners.
www.ITCinstitute.com 1ComplianceINSIGHT: PCI
Challenges and Opportunities of PCI
The greatest risk to credit card data is constantly evolving corporate decision makers must determine the organiza-exploits that target both technical and administrative tion's pre-audit PCI status.vulnerabilities in information systems. The Payment Card Industry Data Security Standard (PCI DSS) addresses Many managers considering PCI DSS implementation those vulnerabilities, speci?cally those affecting sensitive soon discover that they face several complex technologi-cardholder data, and sets forth requirements companies cal challenges; most notably:must meet to minimize the impact of those vulnerabili-ties on security. The PCI standard requires continuous . Tracking and monitoring access to the network and validation of security efforts, so companies complying systems containing cardholder data with PCI DSS can't simp... [download for more]