Welcome to the Cybrary Demystifying PCI DSS Compliance Course.
This module focuses on how to develop strategies to meet PCI compliance objectives.
This video focuses on taking a guided approach to meeting compliance by addressing the highest priority requirements based on risk.
The learning objective is to explore the prioritized approach to compliance provided by the PCI Council
and how you can take a systematic approach to address risk to the CDE.
The PCI Council has published a prioritized approach to help merchants implement a phased process for putting in place controls that will help bring you into compliance.
It's meant to ease you into it by helping you identify the highest areas of risk to your cardholder data environment.
The approach is aimed at helping you gain some quick wins to bolster the compliance effort.
It's based on research collecting data from actual breaches and feedback from qualified security assessors, forensic investigators and the PCI Security Standards Council.
It promotes measurable progress indicators and consistency among auditors.
The highest priority item is to remove any cardholder data in your environment that you don't absolutely need.
If this could be outsourced or purged upon completion of the transaction, you should do that.
The impact of a breach would be greatly reduced if you don't have the data on hand.
Priority two is simply looking at all the points of access to your cardholder data environment.
Have control of these network access points and have in place the ability to respond to any detected attacks.
Priority three is for the applications that process and handle payment card information.
These applications often offer the most direct access to the cardholder data for attackers.
You need to make sure you put in place controls to limit the attack surface of your applications.
Priority four is aimed at all the controls that help you determine who, what, when and how people, both authorized and unauthorized, are accessing the data in your environment.
For those merchants that have determined that they must store cardholder data, priority five targets all the protections you have to have in place to handle the threats to that data.
Priority six is just to complete the remaining requirements and finalize all of your policies, procedures and processes.
The prioritized approach document can be found here.
The document aligns each individual requirement of the PCI DSS with the priorities identified in the prioritized approach.
If you're bringing a new organization into PCI compliance, I recommend following this document.
In summary, we discussed all of the priorities in the approach and where you can find the document to help you through implementing this approach.
Now for a quick quiz.
The prioritized approach is meant to help vendors:
develop compensating controls,
develop effective procedures,
apply risk based principles to meet objectives
or monitor the CDE.
The prioritized approach is to help merchants implement a phased approach to implementing controls that will bring you into compliance based on risk-based principles.
The highest priority in the approach is to:
protect cardholder data,
secure payment card applications,
or remove sensitive authentication data.
You shouldn't ever maintain sensitive authentication data on any of your systems.
In the event of a breach, it provides a direct path for attackers to make fraudulent charges.