Saturday, October 4, 2008

PCI Standard 1.2 goes live today

The Payment Card Industry security standard goes live today with version
1.2, which brings some important changes. This revision was based on feedback
from corporations, and it also gives security teams some relaxation on
firewall rule reviews and similar requirements.

There has been a lot of speculation and many questions about the terms and
statements used in the older PCI standards, including 1.1. PCI standard 1.2
tries to clarify the requirements rather than beating around the bush, and
tells companies what to do and what is expected of them. For example:

1) Firewall rules can now be reviewed every 6 months rather than the current 3 months (quarterly).
2) Every wireless implementation should use WEP / WPA encryption.
3) A risk-based approach to patch management rather than deadline patching.
4) Penetration testing can be done internally; there is no need for external third parties (cost saving).
5) A policy to outline and keep a check on managed security services providers.

The standard can be found on the PCI Security Standards website.

-Abhiz
