PCI DSS and the Seven Domains
A business that is entering into the web business and gaining the ability to receive payment from credit cards must now comply with standards that secure all of the customers' information from misuse and from inappropriate access by unauthorized persons. To do this, some logical approaches and best practices have been proven to help a business meet the PCI DSS standards. These best practices start with a simple install of a firewall that isolates the business' network from unauthorized outside access to the customer's information. Also, make sure that all default settings on the network are changed, as the default information is a generally known value and makes security easy to bypass if not changed (Gibson, 2011). These are generally good practices for security on any network anyway, but they are definitely a good start to achieving the PCI DSS standard.
Once these measures are taken, it is important to protect the data that you are using from the customer to complete a purchase. The best way is to set up access control measures within the LAN and to make sure that the LAN-to-WAN interface is protected by a firewall. When the information is used for authorization outside of the LAN environment, it is important to protect it by encrypting the data being sent to the authorizing entity. By doing this you can further protect the information stored at your business from unwanted access and viewing. Within the business itself, physical access control is another way to further protect the data. This physical access control will limit access within the business by unauthorized employees (Gibson, 2011). Next, and not to be overlooked, a policy needs to be created that sets the business up with a culture of protecting this information at all times.
This policy should also contain a plan to develop and maintain a Vulnerability Management Program. This program should contain the information pertaining to keeping the anti-virus software up to date and how the business will develop and maintain a secure network environment (Gibson, 2011). It will also provide the ways the business will test and evaluate the effectiveness of this plan and its setup within your network. It will also show how the business will report and log the data pertaining to these measures.