Learning objectives and outcomes.
PCI DSS Application Information
Sensitive Authentication Data
Primary account number
Full magnetic stripe data or equivalent on a chip
IT professionals need to be aware that account numbers are stored, processed and transmitted. This table illustrates common uses of cardholder data and sensitive authentication data. PCI DSS represents a minimum set of controls and objectives, which may be enhanced by regional, local and sector laws and regulations.
We need to build a secure data and PCI
Build and maintain a secure network
Install and maintain a firewall configuration
Ensure default passwords are not used
Protect cardholder Data
Protect stored cardholder data
Maintain a Vulnerability Management program
Update anti-virus software
Develop and maintain secure systems
Regularly monitor and test networks
Track and monitor all access to the network
Regularly test security systems and processes
Maintain an information security policy
Policy that addresses information security for all personnel
Build and Maintain a Secure network
Firewall: examines all network traffic and blocks those transmissions that do not meet security criteria.
Systems need to be protected from untrusted networks, whether reached via wireless networks or via other sources.
Scope of Assessment with PCI DSS
The scope of the review needs to be determined accurately. Annually, confirm and identify all locations and flows of cardholder data to ensure they are included in the PCI DSS scope.
The cost of the PCI DSS assessment
The scope of the PCI DSS assessment
The cost and difficulty of implementing and maintaining PCI DSS controls
The risk to the organization