The PCI DSS is a multifaceted security standard developed as a collaborative effort among six industry-leading companies: Visa, MasterCard, American Express, Diner’s Club, Discover, and JCB USA, as well as major merchants. Comprised of twelve major categories, each with several individual requirements, the PCI DSS is a comprehensive standard that covers security management, policies, procedures, network architecture, software design and other hardened security measures.
DSS Milestones
1. Remove sensitive authentication data and limit data retention.
2. Protect the perimeter, internal, and wireless networks.
3. Secure payment card applications.
4. Monitor and control access to your systems.
5. Protect stored cardholder data.
6. Finalize remaining compliance efforts, and ensure all controls are in place.
To achieve PCI DSS compliance, an organization must meet all PCI DSS requirements, regardless of the order in which they are satisfied or whether the organization seeking compliance follows the PCI DSS Prioritized Approach. The first step in this process is to locate all credit card information, which gives the organization a better understanding of its risk and of how much effort will be required to become compliant.
As indicated in milestone one:
This milestone targets a key area of risk for entities that have been compromised. Remember – if sensitive authentication data and other cardholder data are not stored, the effects of a compromise will be greatly reduced. If you don’t need it, don’t store it.
To achieve this milestone, an organization needs an overview and understanding of where the relevant credit card data resides within its network.
Seven Days Technologies offers customers a PCI data discovery risk assessment service, which will allow customers to investigate and understand the full effect and scope of credit card data within their organization in accordance with the PCI DSS.
The non-intrusive engagement would discover the extent of the stored and processed credit card data within the organization, after which the organization will have a better understanding of where all credit card data is found and how it is processed through the organization. This will enable risk management and business to undertake the necessary risk ministration processes to comply with the PCI DSS.
At the end of the engagement, a comprehensive report detailing all the locations of credit card data within the organization's infrastructure is delivered, along with recommendations and action points.
The following data is included in reports:
Location, machine name, directory and/or share name, file name, database name (table, column, field), data types.
Report Types:
Executive Summary, Data Location Reports, Incidents Reports, Top shares, Hi-Risk locations
Seven Days Technology strives to deliver innovative data protection solutions and services to assist customers in protecting their data assets.