PCI DSS Part 5.2 – Requirements in Depth

Invite Friends
Facebook Twitter Google+ LinkedIn Email
Description
Virtual Practice Lab
Practice Test
Resources
PCI DSS Part 5.2 – Requirements in Depth

This final video contains part 2 of the in-depth look at the PCI DSS requirements as well as a summary of the module. Requirements 7-12 consist of:

  • Restrict access to cardholder data. Implement principle of least privilege and need-to-know. Authentication using something I know, I have, and I am (biometrics). Utilize multi-factor authentication for extra strength.
  • Assign unique identifier to each person with computer access to the network. This allows for authentication and auditing. Passwords should be unreadable via one-way encryption.
  • Restrict physical access to cardholder data via physical controls. Maintain physical security policies, log visitors, use badges, implement a “clean desk” policy, and restrict media such as thumb drives that can cause data exfiltration.
  • Track and monitor access to network resources and cardholder data. Maintain an audit trail for all data access and secure logs to prevent modification. And most importantly, periodically review logs for suspicious behavior!
  • Regularly test security systems and processes. Perform internal and external penetration testing. Deploy file integrity checks to alert of unauthorized modification of critical system and other files.
  • Maintain a policy that addresses information security pertaining to both employees and contractors.

The video concludes by pointing out the threats posed by social engineering. Humans are often the most vulnerable piece of an organization and they need to be educated about the risks they face. The overriding principle is: trust no one!

Watch the Course Intro Video
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Recommended Study Material

PCI/DSS PowerPoint notes & PDF version

Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.

JOIN CYBRARY

Upcoming Industry Events

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel