Saturday, December 11, 2004
Here's a "twelve commandments" list
Visa has started ordering card processors to comply with its Cardholder Information Security Program. It's mostly common sense, and their summary gives you a good place to start, whatever your business.
They require, on pain of fines that can reach six figures, that card handlers must:
# Install and maintain a working firewall to protect data.
# Keep security patches up-to-date.
# Protect stored data.
# Encrypt data sent across public networks.
# Use and regularly update anti-virus software.
# Restrict access on a “need to know” basis.
# Assign a unique ID to each person with computer access.
# Don't use vendor-supplied defaults for passwords and security parameters.
# Track all access to data by unique ID.
# Regularly test security systems and processes.
# Implement and maintain an information security policy.
# Restrict physical access to data.