Ensuring PCI DSS Compliance – Part II


In the first part of this article, we looked at PCI DSS, the various PCI DSS requirements and the negligent attitude
shown by some merchants and business owners with respect to PCI DSS compliance. In the second and final part of this
article, we will look at one of the best means to ensure PCI DSS compliance.

As everybody knows, PCI DSS compliance management is a delicate affair. One slip or compromise could result
in huge financial losses and brand-image exposure. Therefore, it is essential that merchants and
business owners put in place an integrated and comprehensive approach that combines process, people, and
technology for effective PCI DSS compliance management. Because such an approach involves automated monitoring
for detecting security vulnerabilities, mapping of security controls for assessing conformance and gaps, and
initiating remediation actions for meeting compliance requirements, enterprises and business owners can ensure
continuous compliance. Some of the features of a best-of-breed PCI compliance management solution are:

         Simple, menu-driven assessment to understand and gain control over PCI DSS requirements
         Advanced citation- and policy-based risk model that is customizable and easily configurable
         Library of free policy and procedure templates to customize and then attach as evidence
         Extensive online help, best practices and recommendations included for every regulation and standard
         Tracking and management of the user's external vendors
         Central repository for all compliance-related documentation
         Support for multiple roles in an enterprise with complete delegation of responsibilities
         Complete customization specific to the business
         A finished document that can be used to show compliance to other organizations and auditors
         Automatic updates for changes in regulatory and standards requirements
         Unified security and IT compliance management solution in one application
         Completely cloud-based service with no hardware or software investments required
         Questionnaires to evaluate manual controls
         Remediation tracking
         Compliance activity email reminders
         Tracking of credit card or sensitive data within databases, file systems, desktops, and servers
         External vulnerability scans
         Analysis of firewall rule sets
         Vulnerability scans and integration with existing vulnerability scanners
         Integration with web application scanners
         Configurable citation- and policy-based risk model with real-time risk status
         Extensive reports: risk reports and compliance reports on demand

With PCI compliance becoming an everyday concern, end-to-end automation eliminates costly manual procedures,
reducing costs by up to 90%, and transforms regulatory compliance from a reactive to a proactive environment.
