The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.

Jennifer Jabbusch, VP of Engineering and consulting CISO at Carolina Advanced Digital

November 2, 2010

1 Min Read

The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.The official document is about 15 pages of an organized chart, outlining tasks and subtasks as they relate to the PCI DSS requirements and the six primary milestones of the Prioritized Approach document. Those six milestones and goals are:

1: Remove sensitive data and limit data retention.

2: Protect the networks.

3: Secure payment card software applications.

4: Monitor and control access to your systems.

5: Protect stored cardholder data.

6: Finalize remaining compliance efforts, and ensure controls are in place to meet the rest of the PCI DSS requirements.

Instead of regurgitating the dozen or so pages of itemized tasks, I thought it would be more useful to identify a set of specific tasks for small businesses to address, by category. Each task relates to one or more milestones in the Prioritized Approach and helps achieve one or more of the PCI DSS requirements.

Network and Device Low-Hanging Fruit

About the Author(s)

Jennifer Jabbusch

VP of Engineering and consulting CISO at Carolina Advanced Digital

Jennifer Minella is VP of Engineering and consulting CISO at Carolina Advanced Digital, and an author, speaker and consultant for infrastructure security for government, education and Fortune 100 and 500 corporations.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner's Guide. He serves as returning faculty at the Practicising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights