This information was presented by Emma Sutcliffe, Director of Standards Coordination, PCI Security Standards Council
Req 11 - Regularly test security systems and processes, system components, and custom software
Look for unauthorized wireless access points, even if wireless is not in use
Run network vulnerability scans at least quarterly
Run penetration tests at least once a year
Use intrusion detection and/or intrusion prevention systems
Look for changes to critical files at least weekly
Check for changes to executable files at least weekly
Req 12 - Maintain a policy that addresses information security for all personnel
All personnel should be aware of the sensitivity of the data and of their responsibilities for protecting it.
Establish, publish, maintain and disseminate a security policy
Develop daily operational security policies
Assign security management responsibilities to an individual or a team
Screen personnel prior to hire to minimize the risk of attacks
Implement an incident response plan and respond immediately to breaches
Obtain a written agreement (include acknowledgement) from your service provider(s) responsible for security of cardholder data.