PCI Compliance: Implementing Effective PCI Data Security Standards

Chapter 7: Strong Access Control

Introduction

Access controls are fundamental to good security in almost any situation. We put locks on our cars and homes to protect access to them. We put passwords on computer accounts to protect them. In this chapter, we'll describe some basic security principles that should be understood anytime access control systems are being put into place. By understanding these basic principles, it will be much easier to make individual decisions on implementing access control. After we have a general understanding of access control, we move to the Payment Card Industry's (PCI's) access control requirements. We discuss procedures that should be in place and how systems should be configured to help enforce PCI compliance. After we've shown how to lock down access control on your systems, we move on to physically securing systems and media that contain sensitive information.

Note

Many times the easiest way to protect data is not to store it at all. It's a good idea to review the data you're keeping and verify that you really need to keep it.

Principles of Access Control

To understand the goals of access controls, it's important to understand the three pillars of security: integrity, confidentiality, and availability. As you implement access control in your organization, you should always consider these three principles.

Integrity

The principle of integrity means that data has not been altered or destroyed in an unauthorized manner. You must put measures in place to ensure that data cannot be altered while it's being stored or while...
