This video is the first of two parts covering the 12 elements, or requirements, of the PCI DSS introduced in the earlier videos. Requirements 1-6 are:

1. Firewall and router configuration to protect cardholder data. Separate trusted and untrusted networks. Maintain a security policy for employee-owned devices.
2. Don't use vendor defaults for network equipment configurations. Maintain a secure password policy, create a security baseline for systems before connecting them to the network, and encrypt all non-console administrative access used for remote access.
3. Protect cardholder data. Limit storage and retention, don't store the entire card number, mask the PAN when it is displayed, and protect the keys used for encryption.
4. Protect data in transit. Use strong cryptography and secure transport protocols such as IPsec and HTTPS.
5. Maintain a vulnerability management program. Use anti-virus software along with a host intrusion detection system, and keep them updated!
6. Develop and maintain secure systems and applications. This requires instituting secure coding standards and best practices. Use a change control system that includes a review and approval process. Software is often the weak link in security!
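Requirement 3 (don't store the entire card number, mask the PAN when displayed) is the one most often implemented directly in application code. The following is an added example, not code from the video or from the PCI Security Standards Council: it validates that a string is a plausible PAN with the Luhn check, masks it for display, and redacts any Luhn-valid PAN found in free text such as a log line before it is written to storage. The display policy of showing only the last four digits, the 13-19 digit length range, and the sample card numbers are assumptions made for this example.

```python
"""Added example (not from the video): PAN masking and log redaction
for PCI DSS requirement 3. Assumes a display policy that keeps only the
last four digits; the sample values below are constructed test data."""
import re

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes,
# not embedded in a longer run of digits. Length range is an assumption.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    checksum = 0
    # Walk from the right; double every second digit, subtracting 9 if > 9.
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def mask_pan(raw: str, visible_tail: int = 4) -> str:
    """Return the PAN masked for display, keeping only the last `visible_tail` digits.

    Raises ValueError when the input is not a plausible PAN, so an
    unexpected string is never echoed back to a screen or log unmasked.
    """
    pan = re.sub(r"[\s-]", "", raw)  # strip separators from formatted input
    if not 13 <= len(pan) <= 19 or not luhn_valid(pan):
        raise ValueError("input does not look like a valid PAN")
    return "*" * (len(pan) - visible_tail) + pan[-visible_tail:]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid PAN in free text (e.g. a log line) with its masked form.

    Digit runs that fail the Luhn check (order ids, timestamps) are left alone,
    which keeps false positives low while still catching real card numbers.
    """
    def _sub(match: re.Match) -> str:
        candidate = match.group(0)
        try:
            return mask_pan(candidate)
        except ValueError:
            return candidate
    return PAN_CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    # Constructed sample values, including the well-known Visa test number.
    print(mask_pan("4111 1111 1111 1111"))
    print(redact_pans("order 123456 paid with 4111-1111-1111-1111 ok"))
```

Run the redaction on every line before it reaches a log file or database; the masked string is what requirement 3 permits to be displayed or retained, while the full PAN never leaves the payment component.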
This series covers the framework governing the self-regulated payment processing industry. Compliance with these standards is critical. Learn the 12 elements of the framework and how they pertain to risk management in relation to cardholder data.