Hello, I am new to the PCI game and trying to figure out a game plan for my small web company. Where should I start with PCI?
Start off by downloading and reading this e-Book provided by the Payment Card Industry (PCI). Then read the following e-Book provided by VeriSign to understand why companies fail their PCI audit. Afterward, you should understand everything you need to!
Better to read the current version of the standard (v1.2). The link included in the previous answer points to an old version. The latest version includes the audit procedures as well. Go to https://www.pcisecuritystandards.org/ for the latest version, reference guides and guidelines. You should start as follows:

- make sure you know where you store and handle credit card numbers
- draw a network map which shows the apps, databases and data flow
- fill in the PCI self-evaluation form
- read the standard in order to understand where the biggest gaps are
Here is the process I follow:

1. Identify in-scope devices.
2. Conduct a gap analysis - internal and/or external audit against the standard.
3. Remediate gaps.
4. Lock down the environment for four (4) weeks.
5. Prepare for audit.
6. Conduct the PCI-DSS audit - by a QSA.
7. Remediate remaining gaps.
8. Auditor to submit the RoC.
