PCI Compliance: Implementing Effective PCI Data Security Standards

Access controls are fundamental to good security in almost any situation. We put locks on our cars and homes to protect access to them. We put passwords on computer accounts to protect them. In this chapter, we'll describe some basic security principles that should be understood anytime access control systems are being put into place. By understanding these basic principles, it will be much easier to make individual decisions on implementing access control. After we have a general understanding of access control, we move to the Payment Card Industry's (PCI's) access control requirements. We discuss procedures that should be in place and how systems should be configured to help enforce PCI compliance. After we've shown how to lock down access control on your systems, we move to physically securing systems and media that contain sensitive information.
| Note | Many times the easiest way to protect data is not to store it at all. It's a good idea to review the data you're keeping and verify that you really need to keep it. |
To understand the goals of access controls, it's important to understand the three pillars of security: integrity, confidentiality, and availability. As you implement access control in your organization, you should always consider these three principles.
The principle of integrity means that data has not been altered or destroyed in an unauthorized manner. You must put measures in place to ensure that data cannot be altered while it's being stored or while...