PCI Compliance: Implementing Effective PCI Data Security Standards

PCI Self-Audit

In this section we'll go over each PCI requirement and give some ideas on how you can audit each one to verify that you are currently in compliance. When a company first becomes PCI compliant it usually has to make many changes to its existing security policy. Because of this, it's very important to audit any new policy changes you've made to verify that they are actually working at your organization. This way you can find weak points in your policy or employee education that need to be addressed.

The PCI Security Standards Council provides some great documents to help you with your self-assessment. For example, the Self-Assessment Questionnaire (SAQ) can help you determine your company's current compliance level. You should periodically review these documents and look for ways to improve your company's security posture.

There are also many freely available and commercial security tools that can be used to test your company's level of compliance. For example, Nessus is a fantastic vulnerability assessment tool that is free and works on both Windows and Linux. There are also many great free port scanning tools such as SuperScan or Nmap. Many of these tools are available on a live Linux CD called Backtrack (www.remote-exploit.org/backtrack.html) that contains many tools to help assess network security. Several mini-tutorials are contained throughout the chapter on how to use some of the most important tools from this CD to help test your PCI compliance.
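A port scan by itself is not an audit; the audit is comparing what the scanner found against what each in-scope system is supposed to expose. The script below is an added example (not from the book or any of the tools it names): it takes Nmap "grepable" output (the `-oG` format) and an allowlist of expected host/port pairs, and reports every open port that is not on the list. The scan output and the allowlist are constructed sample data, not a real scan; the host names, addresses and the `scope.txt`/`allowlist.txt` file names in the comments are assumptions.

```shell
#!/bin/sh
# Added example: flag listening ports that are not on a per-host allowlist.
# Input 1: Nmap grepable output, e.g. from
#   nmap -sT -p- -oG scan.gnmap -iL scope.txt      (scope.txt = in-scope hosts, assumed name)
# Input 2: allowlist, one "host port/proto" per line (allowlist.txt, assumed name)

# Constructed sample of nmap -oG output (not a real scan result)
SAMPLE_SCAN='# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 (pos1.example.net)	Status: Up
Host: 10.0.0.5 (pos1.example.net)	Ports: 22/open/tcp//ssh///, 443/open/tcp//https///, 23/open/tcp//telnet///	Ignored State: closed (65532)
Host: 10.0.0.6 (db1.example.net)	Status: Up
Host: 10.0.0.6 (db1.example.net)	Ports: 22/open/tcp//ssh///, 3306/open/tcp//mysql///	Ignored State: closed (65533)
# Nmap done'

# Constructed allowlist: the only services each host is documented to provide
ALLOWLIST='10.0.0.5 22/tcp
10.0.0.5 443/tcp
10.0.0.6 22/tcp'

# audit_ports SCAN ALLOWLIST
# Prints "UNEXPECTED host port/proto (service)" for each open port not in the
# allowlist. Returns 0 when nothing unexpected is open, 1 otherwise.
audit_ports() {
  scan=$1
  allow=$2
  findings=$(printf '%s\n' "$scan" | awk '
    # Only the "Ports:" lines carry results; $2 is the IP in that format
    /^Host:/ && /Ports:/ {
      host = $2
      s = $0
      sub(/^.*Ports: /, "", s)
      sub(/[ \t]+Ignored State:.*$/, "", s)
      n = split(s, p, ", ")
      for (i = 1; i <= n; i++) {
        # field layout: port/state/proto/owner/service/rpc/version
        split(p[i], f, "/")
        if (f[2] == "open") print host, f[1] "/" f[3], f[5]
      }
    }' | while read -r host portproto svc; do
      # -x: whole-line match, -F: literal (dots in the IP are not wildcards)
      if ! printf '%s\n' "$allow" | grep -qxF "$host $portproto"; then
        echo "UNEXPECTED $host $portproto ($svc)"
      fi
    done)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Run against the constructed sample; telnet on the POS host and MySQL on the
# database host are not on the allowlist, so this reports two findings.
if audit_ports "$SAMPLE_SCAN" "$ALLOWLIST"; then
  echo "PASS: only allowlisted ports are open"
else
  echo "FAIL: unexpected listeners found, investigate before claiming compliance"
fi
```

Run the real thing as `audit_ports "$(cat scan.gnmap)" "$(cat allowlist.txt)"`. Keep the allowlist under change control alongside your firewall and system-hardening standards; an entry that has to be added to make the audit pass is itself a finding worth documenting.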

Warning

You should always have permission from management before you run...
