Eventually, the credit card companies joined forces and devised the Payment Card
Industry Data Security Standard (PCI DSS). The PCI Security Standards Council was
created as a separate entity to maintain and enforce the PCI DSS.
The PCI DSS applies to any entity that processes, transmits, stores, or accepts credit
card data. Varying levels of compliance and penalties exist and depend on the size of
the customer and the volume of transactions. However, credit cards are used by tens
of millions of people and are accepted almost anywhere, which means just about every
business in the world is affected by the PCI DSS.
The PCI DSS is made up of 12 main requirements broken down into six major
categories. The six categories of PCI DSS are Build and Maintain a Secure Network
and Systems, Protect Cardholder Data, Maintain a Vulnerability Management Program,
Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and
Maintain an Information Security Policy.
NOTE According to PCI DSS 3.1, Secure Sockets Layer (SSL) and early
Transport Layer Security (TLS) are not considered secure. New systems
should not use them, and existing systems can only use them until June
2016 provided they incorporate risk mitigations.
Many security professionals are not well versed in the necessary laws and regulations.
One person may know a lot about HIPAA, another person might know some about
GLBA, but most organizations do not have people who understand all the necessary
legislation that directly affects them. You can stand head and shoulders above the rest by
understanding cyberlaw and how it affects various organizations.
Prescreening Personnel
It is important to properly screen individuals before hiring them into a corporation.
These steps are necessary to help the company protect itself and to ensure
it is getting the type of employee required for the job. This chapter looks at some
of the issues from the other side of the table, which deals with that individual’s
privacy rights.
Limitations exist regarding the type and amount of information that an
organization can obtain on a potential employee. The limitations and regulations
for background checks vary from jurisdiction to jurisdiction, so the hiring manager
needs to consult the legal department. Usually human resources has an outline for
hiring managers to follow when it comes to interviews and background checks.
A company that intends to monitor e-mail should address this point in its security
policy and standards. The company should outline who can and cannot read employee
messages, describe the circumstances under which e-mail monitoring may be acceptable,