A couple of posts ago, we began the End of Year Cleanup discussion. In that post, I encouraged you to ask the question “Where are we?” with regard to information security within your organization.
Now, we must address the question “Where do we want to be?”
Over the years I’ve had several people express that they don’t know where to begin in thinking about this.
Covey says to begin with the end in mind. So, what is the end that you are after? Have you given any thought to this?
The Payment Card Industry (PCI) has created data security standards (DSS) that are to be followed by any organization accepting Visa, MasterCard, American Express, JCB, and Discover cards. It is a very good standard to use as a framework. The PCI DSS quick start can be downloaded here.
In a nutshell, here are the general steps:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
You can always find more details for each of these steps in the full PCI DSS documents. Check out www.pcisecuritystandards.org for more information.
Keep in mind that not every organization needs to follow all of the details of the PCI DSS. You should aim for security that is reasonable for your organization.
Have fun!
- Dan
Tags: PCI
