PCI DSS
PCI DSS, first released in 2004 and consolidated from the separate security programs of American Express, Visa, Mastercard, Discover, and JCB, is a worldwide information security standard that applies to any organization that stores, processes, or transmits cardholder data. It sets out requirements for security management, protection of stored and transmitted data, network controls, access control, logging, and other protective measures intended to secure cardholder data and transaction information proactively.
The standard was written by the payment card brands to codify best practices for protecting card numbers and transaction data at the merchant. Over time its scope has expanded to cover acquiring banks and third-party service providers as well. Non-compliance can draw penalties from each card brand's compliance program, ranging from increased transaction processing fees and fines in the hundreds of thousands of dollars (typically levied on the acquiring bank and passed through to the merchant) to loss of the right to process card transactions at all.
To meet PCI DSS and actually secure cardholder data, organizations must protect that data where it lives: in the database. Database security is not optional under the standard. Of its twelve requirements, several bear directly on the database server itself: Requirement 3 (protect stored cardholder data), 6 (develop and maintain secure systems and applications), 7 (restrict access to cardholder data by business need to know), 8 (identify and authenticate access), 10 (track and monitor all access to cardholder data), and 11 (regularly test security systems and processes). DbProtect addresses the majority of these requirements through a comprehensive program of database security process control.
Network-Centric Versus Data-Centric Approaches to PCI DSS
Many organizations start with a network-centric approach that focuses on endpoints and perimeter defense. Perimeter defenses alone have proven ineffective at protecting cardholder information, as evidenced by the volume of database breaches over the last several years. This is because:
- SQL injection vulnerabilities are prevalent and give an attacker direct access to the database through an application the perimeter already trusts.
- Attackers routinely compromise employee workstations with malware and then use them as a foothold inside the network from which to reach the database and the cardholder data in it.
- Insider attacks, which by definition originate behind the perimeter, are on the rise.
It is therefore critical that organizations add a data-centric approach and protect the data where it lives: the database. Application Security's data-centric solution is Precision Database Activity Monitoring (DAM). Precision DAM enables organizations to secure their databases by controlling the security processes that affect cardholder data.
FIVE STEPS TO COST-EFFECTIVE PCI COMPLIANCE
1. Isolate sensitive databases. Maintain an accurate inventory of all databases deployed across the enterprise and identify which of them hold cardholder data.
2. Eliminate vulnerabilities. Identify and fix the vulnerabilities that expose those databases, on a continuous basis rather than as a one-time exercise.
3. Enforce least privilege. Reset user accounts and privileges to the minimum database access each account needs to do its job.
4. Monitor for deviations. Define policies that describe normal, authorized activity and monitor for anything that deviates from them.
5. Respond to suspicious activity. Alert on and respond to unauthorized or suspicious activity in real time to minimize the window an attacker has.
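The five steps are easier to reason about with something concrete in front of you. The block below is an added example written for this page, not DbProtect code or any vendor's audit format: it holds a constructed inventory of cardholder-data databases (step 1), a deny-by-default least-privilege policy per database account (step 3), and a small detector that parses constructed audit records and flags every access that falls outside the policy (steps 4 and 5). Account names, hosts, the `key=value` log layout, and the sample records are all assumptions made up for the illustration.

```python
"""Minimal DAM-style deviation detector over database audit records.

Added illustration of the five steps above. Not DbProtect code; the log
format, the policy, and every audit record here are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Step 1 (constructed): the inventory of databases that hold cardholder data.
SENSITIVE_DATABASES = {"payments"}

# Step 3 (constructed): least-privilege baseline. Each account may issue only the
# listed statements against the listed objects, from the listed hosts, and may
# return at most max_rows rows. Anything not listed is a deviation: the policy
# is an allowlist, not a blocklist, so new or unknown accounts alert by default.
POLICY = {
    "app_web": {"statements": {"SELECT", "INSERT"}, "objects": {"card_data"},
                "hosts": {"app01", "app02"}, "max_rows": 10},
    "batch_settle": {"statements": {"SELECT"}, "objects": {"card_data", "settlements"},
                     "hosts": {"batch01"}, "max_rows": 100000,
                     "window": (time(1, 0), time(4, 0))},   # nightly batch only
    "dba_admin": {"statements": {"ALTER", "CREATE", "GRANT"}, "objects": {"*"},
                  "hosts": {"dbadmin"}, "max_rows": 0},     # schema work, never data reads
}

@dataclass
class AuditRecord:
    ts: datetime
    user: str
    host: str
    db: str
    statement: str
    obj: str
    rows: int

def parse_record(line: str) -> AuditRecord:
    """Parse one space-separated key=value audit line (constructed format)."""
    fields = dict(token.split("=", 1) for token in line.split())
    return AuditRecord(
        ts=datetime.fromisoformat(fields["ts"]),
        user=fields["user"], host=fields["host"], db=fields["db"],
        statement=fields["stmt"].upper(), obj=fields["obj"],
        rows=int(fields.get("rows", "0")),
    )

def classify(rec: AuditRecord) -> Optional[str]:
    """Step 4: return a reason if the record deviates from policy, else None."""
    if rec.db not in SENSITIVE_DATABASES:
        return None  # not a cardholder-data database; out of scope here
    rule = POLICY.get(rec.user)
    if rule is None:
        return f"unknown account {rec.user!r} touched {rec.db}"
    if rec.host not in rule["hosts"]:
        return f"{rec.user} connected from unauthorized host {rec.host}"
    if rec.statement not in rule["statements"]:
        return f"{rec.user} not permitted to {rec.statement}"
    if "*" not in rule["objects"] and rec.obj not in rule["objects"]:
        return f"{rec.user} not permitted on object {rec.obj}"
    if rec.rows > rule["max_rows"]:
        return f"{rec.user} read {rec.rows} rows of {rec.obj} (limit {rule['max_rows']})"
    window = rule.get("window")
    if window and not (window[0] <= rec.ts.time() <= window[1]):
        return f"{rec.user} active at {rec.ts.time()} outside window {window[0]}-{window[1]}"
    return None

def detect_deviations(lines):
    """Run every audit line through the policy; return (line, reason) pairs to alert on."""
    return [(line, reason) for line in lines
            if (reason := classify(parse_record(line))) is not None]

# Constructed audit records: records 1, 2 and 6 are normal; 3, 4 and 5 should alert.
SAMPLE_AUDIT = [
    "ts=2024-03-05T10:15:02 user=app_web host=app01 db=payments stmt=select obj=card_data rows=1",
    "ts=2024-03-05T02:30:00 user=batch_settle host=batch01 db=payments stmt=select obj=settlements rows=5120",
    "ts=2024-03-05T10:16:40 user=app_web host=app01 db=payments stmt=select obj=card_data rows=250000",
    "ts=2024-03-05T14:02:11 user=dba_admin host=dbadmin db=payments stmt=select obj=card_data rows=3",
    "ts=2024-03-05T23:59:59 user=jsmith host=laptop-77 db=payments stmt=select obj=card_data rows=40",
    "ts=2024-03-05T11:00:00 user=app_web host=app01 db=inventory stmt=delete obj=stock rows=9",
]

if __name__ == "__main__":
    # Step 5: in a real deployment these go to a SIEM or on-call alerting, not stdout.
    for line, reason in detect_deviations(SAMPLE_AUDIT):
        print(f"ALERT: {reason}\n    {line}")
```

Two design points carry over to a real deployment. First, the policy is an allowlist keyed on the account, so a bulk read by the application's own account (record 3) and a data read by a DBA account that should only ever change schema (record 4) both alert, even though each account is legitimately present in the database; a blocklist of "known bad" statements would catch neither. Second, the row-count and time-window checks are what turn a compliance log into a detection: PCI DSS Requirement 10 only obliges you to record the access, but it is the comparison against normal that tells you which record matters.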
SUMMARY OF REQUIREMENTS - PCI DSS