
PCISecurityStandards.org has a website with its response to the Target data breach:

"As part of this security effort, the Council maintains that adherence to and maintenance of the Payment Card Industry Data Security Standard (PCI DSS) is the best defense against data breaches."

What is this "adherence to the PCI DSS"?

To look at the actual requirements and procedures you have to agree to their terms and conditions.

The standard says to maintain a vulnerability management program.

Among other items:

NIST SP 800-115 is the sample standard given for penetration testing methodologies.

Examine security policies and procedures.

"Verify responsibility" is sprinkled in multiple times in the PCI DSS standard. Each person or team with responsibilities should be clearly aware of what those responsibilities are.


I know a "Guidance" that would make PCI DSS even stronger: Use an independent reviewer (second pair of eyes) such as Fixvirus.com

Dark Reading has an interesting article about how Target was compliant with PCI (Payment Card Industry) standards and it was not enough.

The point-of-sale terminals were infected with malware written specifically for point-of-sale terminals; it stole the CC# and the 3-digit CV code as well, so it was designed to capture the complete magnetic stripe data.

Many parties may be to blame in this, but what can you do in the meantime?

Test your systems: check for malware in an automated manner. If there are unknown pieces of software running or unexpected ports open on your computers, that means the systems require more investigation and cleaning.
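One way to automate the "unknown software or open ports" check is to parse the host's listening sockets and compare them against a baseline of what each machine is supposed to run. The example below is added here and is not code from the original post or from Fixvirus.com; it parses a constructed sample of `ss -tlnp` output (the real command would be run on the host) against an assumed allowlist, and reports every listener the baseline does not explain.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output (not real data): a payment host that
# should only expose sshd and the payment application. Port 5555/"updater" is
# planted here as the unexplained listener the check is meant to surface.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:8443      0.0.0.0:*         users:(("posapp",pid=1201,fd=9))
LISTEN 0      50     0.0.0.0:5555        0.0.0.0:*         users:(("updater",pid=2230,fd=5))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline maintained by the system owner: port -> process allowed to own it.
BASELINE = {22: "sshd", 8443: "posapp"}

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    proc: str   # "?" when ss was run without privileges to see the owner
    pid: int

def parse_ss(text):
    """Parse the LISTEN rows of `ss -tlnp` output into Listener records."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header line or non-listening socket
        addr, port = fields[3].rsplit(":", 1)   # works for [::]:22 as well
        m = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        out.append(Listener(addr, int(port), proc, pid))
    return out

def find_deviations(listeners, baseline):
    """Return (listener, reason) pairs for every socket the baseline does not explain."""
    findings = []
    for lst in listeners:
        if lst.port not in baseline:
            findings.append((lst, "port not in baseline"))
        elif baseline[lst.port] != lst.proc:
            findings.append((lst, f"owned by {lst.proc!r}, baseline expects {baseline[lst.port]!r}"))
    return findings

if __name__ == "__main__":
    for lst, why in find_deviations(parse_ss(SAMPLE_SS_OUTPUT), BASELINE):
        print(f"{lst.addr}:{lst.port} pid={lst.pid} {lst.proc}: {why}")
```

A port that is in the baseline but owned by a different binary is reported too, since a process squatting on an expected port is exactly the kind of finding that warrants investigation rather than a pass.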


Use our Alpha-A, Sigma-Σ, and Omega-Ω services. (A – Σ – Ω)