Compliance is a day-by-day security process.
By Brandon Barney, CISSP
I think Bob Russo, head of the PCI Security Standards Council said it best.
 |
| Bob Russo, PCI SSC |
Watch the video to learn the best ways to maintain your hard-earned compliance.
Want to see more vids like this? Subscribe on YouTube forPCI security tips.
So let’s recap.
How exactly are you supposed to maintain compliance?
- Ensure your security policies are updated. Anytime you change the way you store, process, or transmit cardholder data, update those policies to reflect the changes!
- Train your employees. While training new (and current) staff members, remind them about the rights and wrongs of correct card data handling.
- Update your SAQ if things change. If anything in your card processing environment changes, your SAQ is no longer valid! Update and resubmit your SAQ for best results.
- Run external vulnerability scans. If your business is required to scan for vulnerabilities, make sure scans run at least quarterly and when you make any network changes. (Do you see a pattern yet?)
- Understand where your credit card data is stored. One of the reasons it’s hard to maintain compliance is because businesses accidentally store unencrypted card data. Identify unencrypted card data with card discovery tools like PANscan®.
Brandon Barney, CISSP, is the Security Support Director at SecurityMetrics and has over 10 years of compliance, data security, and database management experience.