PCI Security Policy Solutions
About the Payment Card Industry Data Security Standard
In December 2004 a consortium of credit card companies, including VISA and Mastercard, combined their various approaches and adopted a common set of recommended security controls for protecting customer credit card information known as the Payment Card Industry Data Security Standard (PCI Standard). In September 2006 an updated version was released by the PCI Security Standards Council as PCI-DSS 1.1. According to the standard, all members, merchants and service providers that store or process credit cards are subject to these data protection standards.
Requirement 12 of the PCI standard states that every organization should "maintain a policy that addresses information security for employees and contractors." Critical to this requirement is that the security policies cover all of the technical requirements within the standard.
The PolicyShield Security Policy Subscription Service contains everything an organization needs to build and maintain a complete set of written information security policies and keep them up to date based on the latest threats. It includes a comprehensive library of over 1400 pre-written information security policies and expert commentary covering each of the security areas identified within PCI-DSS.
Sample Security Policy Topics included:
Building and Maintaining Firewalls; Data Encryption and Key Management; User Password Management; Privilege Management; Physical Security; Protection Against Malicious Software; Information Security Training; Event Logging; Network Security; System Acceptance; and much more.
Documented Information Security Roles
The PCI Data Security Standard also requires defining and documenting information security roles and responsibilities. Section 12.4 states that organizations must "Ensure the security policy and procedures clearly define information security responsibilities for all employees and contractors."
Information Security Roles & Responsibilities Made Easy provides over 40 pre-written security-related job descriptions and practical, step-by-step instructions on how to develop and document your security organization. Based on the 25-year consulting experience of Charles Cresson Wood, this time-saving resource includes standard practices that have been effective at over 125 organizations around the world.
Ongoing Security Awareness Requirements
Protecting Information is a new quarterly security and privacy awareness newsletter designed for this exact requirement. Protecting Information is edited by data privacy and security expert Rebecca Herold, CISSP, CISM, and goes well beyond traditional newsletters, providing audio files and interactive exercises to engage personnel and help them truly understand security and privacy concepts.
As an additional bonus, each issue includes a companion subscription to Awareness Advisor, a special newsletter containing practical, time-saving advice for security and privacy practitioners written by security, privacy and education expert Rebecca Herold. Contact us for a free evaluation version of Protecting Information.