SMB Guide To Credit Card Regulations, Part 2: The Low-Hanging Fruit

The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.

Jennifer Jabbusch, VP of Engineering and consulting CISO at Carolina Advanced Digital

November 2, 2010

1 Min Read

The PCI Security Standards Council has created a document outlining a prioritized approach to help businesses comply with PCI DSS. It's a way to grab the low-hanging fruit, helping businesses tackle some of the more simple tasks that can provide a greater security ROI. I've boiled it down here to help small to midsize businesses (SMBs) get started.The official document is about 15 pages of an organized chart, outlining tasks and subtasks as they relate to the PCI DSS requirements and the six primary milestones of the Prioritized Approach document. Those six milestones and goals are:

1: Remove sensitive data and limit data retention.

2: Protect the networks.

3: Secure payment card software applications.

4: Monitor and control access to your systems.

5: Protect stored cardholder data.

6: Finalize remaining compliance efforts, and ensure controls are in place to meet the rest of the PCI DSS requirements.

Instead of regurgitating the dozen or so pages of itemized tasks, I thought it would be more useful to identify a set of specific tasks for small businesses to address, by category. Each task relates to one or more milestones in the Prioritized Approach and helps achieve one or more of the PCI DSS requirements.

Network and Device Low-Hanging Fruit

About the Author(s)

Jennifer Jabbusch

Jennifer Jabbusch

VP of Engineering and consulting CISO at Carolina Advanced Digital

Jennifer Minella is VP of Engineering and consulting CISO at Carolina Advanced Digital, and an author, speaker and consultant for infrastructure security for government, education and Fortune 100 and 500 corporations.

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner's Guide. He serves as returning faculty at the Practicising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

See more from Jennifer Jabbusch
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

MITRE Corp's logo in blue
Endpoint Security
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti BugsMITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
byNate Nelson, Contributing Writer
Apr 22, 2024
3 Min Read
The letters EDR/XDR amid binary code
Application Security
Evil XDR: Researcher Turns Palo Alto Software Into Perfect MalwareEvil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
byNate Nelson, Contributing Writer
Apr 19, 2024
4 Min Read
Kuala Lumpur, Malaysia, skyline against the harbor at sunrise
Cyber Risk
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity ProsLicensed to Bill? Nations Mandate Certification of Cybersecurity Pros
byRobert Lemos, Contributing Writer
Apr 23, 2024
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events