PCI DSS Part 5.2 – Requirements in Depth

This final video contains part 2 of the in-depth look at the PCI DSS requirements as well as a summary of the module. Requirements 7-12 consist of:
  • Restrict access to cardholder data. Implement principle of least privilege and need-to-know. Authentication using something I know, I have, and I am (biometrics). Utilize multi-factor authentication for extra strength.
  • Assign unique identifier to each person with computer access to the network. This allows for authentication and auditing. Passwords should be unreadable via one-way encryption.
  • Restrict physical access to cardholder data via physical controls. Maintain physical security policies, log visitors, use badges, implement a "clean desk" policy, and restrict media such as thumb drives that can cause data exfiltration.
  • Track and monitor access to network resources and cardholder data. Maintain an audit trail for all data access and secure logs to prevent modification. And most importantly, periodically review logs for suspicious behavior!
  • Regularly test security systems and processes. Perform internal and external penetration testing. Deploy file integrity checks to alert of unauthorized modification of critical system and other files.
  • Maintain a policy that addresses information security pertaining to both employees and contractors.
The video concludes by pointing out the threats posed by social engineering. Humans are often the most vulnerable piece of an organization and they need to be educated about the risks they face. The overriding principle is: trust no one!
Recommended Study Material

PCI/DSS PowerPoint notes & PDF version

Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge



DNS Rebinding – Behind The Enemy Lines
Views: 946 / January 19, 2019
My IT Learning Journey
Views: 1441 / January 18, 2019
A New Age of Digital Interconnection
Views: 1203 / January 18, 2019
7 Project Management Basic Rules
Views: 1664 / January 17, 2019
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?