InsightaaS: Naked Security is a news/blog site hosted by security vendor Sophos. In this post, John Shier, a senior security expert at Sophos, provides a useful primer on PCI DSS (Payment Card Industry Data Security Standard). In the post, Shier walks through the 12 requirements of PCI DSS, and looks at the applicability of the standards requirements, their scope, and best practices leading to "computer security [being] a first class citizen in your IT ecosystem."
Hardly a week goes by these days without news of one sort of data breach or another.
In fact, breaches seem so commonplace now that many people seem to have responded to last year's news - namely that over 800 million records were lost - with little more than a shoulder shrug.
Many of the associated news stories talk about how the breach might have been stopped if the company had only followed the guidelines outlined in the Payment Card Industry Data Security Standard (PCI DSS).
While many of us may be familiar with the abbreviation, how many have actually read the standard?
Until recently, I was one of those people.
I knew about the standard, understood why it existed, and even knew some of the specific elements, but I had never given it a full read.
So I decided to go through the document and attempt to summarize it for Naked Security readers...
Read the entire post: http://nakedsecurity.sophos.com/2014/03/17/security-essentials-what-is-pci-dss/