PCI DSS

HIPAA Password Security Policy Templates

Download free HIPAA, PCI DSS and ISO 27001 Password Security Policy Templates. These templates cover basic security policies such as:
- To keep passwords confidential, which includes in no circumstances giving them to a third party, whatever the ostensible reason.

- To avoid keeping any paper or electronic record of passwords (unless this can be securely stored – which means encryption and strong, two-factor access control protection).

PCI DSS Impact on the Payment Card Industry

Conformance to the PCI Data Security Standard (PCI DSS) has become a "cost of doing business." In order to participate in the card payment-processing industry, conformance is not negotiable. The only enforcement necessary to ensure adoption of the standard is exclusion from participation in the industry. Visa, MasterCard, and other card issuers have "decertified" service providers for nonconformance with the standard. The most notable of these events have occurred after disclosure of security breaches resulting in loss of cardholder private data.

From a data security standpoint, the PCI standard represents commonly accepted data security standards and practices. There is nothing extraordinary in the standard. It is a set of standard best practices already well accepted in the IT security field. While the PCI standard represents basic security practices, the imposition of the PCI standard on the card payment-processing industry has had a dramatic impact on the technical infrastructure of the industry.

PCI has shifted the focus of every developer of card payment-processing software, in whatever form, from adding feature functionality and reducing cost to restructuring their software to accommodate the standard. The impact has been felt across the spectrum, from commercial software and system providers to individual retailers who develop and maintain their own systems. Similar to the general impact of SOX, the PCI standard has added vocabulary regarding standards, controls, and audits to an entire industry, from smallest to largest and across the spectrum of industries.

Firewall Configuration for PCI DSS: Installation and Maintenance Checklist

Installation and maintenance checklist for configuring a firewall so that it complies with PCI DSS:
1. The PCI DSS requires a firewall that provides stateful inspection, also known as dynamic packet filtering.

2. Stateful inspection firewalls offer strong security along with good performance and transparency to end users, unlike packet-filtering and proxy firewalls.

3. Document your dataflow in order to aid the system and security administrators in configuring the firewall with the proper rule set.

4. Disable or remove all unneeded ports, protocols, and services not required for business purposes.

Choosing an Intrusion Detection or Intrusion Prevention System for PCI DSS

IDSes differ from IPSes in that they will only send alerts to the administrators if suspect activity is detected. An IPS will take corrective actions.

A network TAP provides the best possible connection point for any type of intrusion detection solution. It eliminates potential bottlenecks and dropped packets.

IPS solutions are considered the “next generation” of intrusion detection and, when properly configured, will take corrective actions in addition to alerting appropriate personnel.

Simple PCI DSS Workflow Framework

If you have difficulty mastering or understanding the PCI DSS (Payment Card Industry Data Security Standard) concept, this one-slide PCI DSS workflow is simple material to help you explain PCI DSS compliance. For more information please visit here. This slide is available for free.
