The Payment Card Industry (PCI) Data Security Standard (DSS) Control Objectives 1 and 2 include requirements that must be met as defined below:
Control Objective 1: Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Control Objective 2: Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data and sensitive information across open, public networks
The first control objective is about hardening your perimeter defense capabilities. This requires closely reviewing how the firewall system is configured and changing the vendor-supplied default parameters used to gain access to the system. The next control objective is about securing sensitive information such as credit card data and, in the case of health care organizations, all electronic protected health information (as required by HIPAA).
THE CERTIFIED SECURITY COMPLIANCE SPECIALIST (CSCS) PROGRAM
To attend the only certification program in the industry that addresses PCI DSS, ISO, HIPAA, FISMA, and other information security regulations, please visit the website, www.ecfirst.com, and click on the CSCS Program.
INFORMATION SECURITY POLICY TEMPLATES
For a complete set of information security policy templates to address compliance and security requirements, please visit www.ecfirst.com. Hundreds of organizations have downloaded these templates to create tailored policies to meet compliance requirements. To discuss your policy goals, please contact Lorna.Waggoner@ecfirst.com or call her at 1.877.899.9974 x17.
For more information, visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17, or visit www.HIPAAAcademy.net.
HIPAA Tip
COMPLIMENTARY 2-DAY CERTIFIED SECURITY COMPLIANCE SPECIALIST (CSCS) PROGRAM DELIVERED AT YOUR SITE
The CSCS Program is the first and only certification program that describes core requirements of all major information security standards and regulations including PCI DSS, HIPAA, ISO 27002 (17799:2005) as well as FISMA. Hundreds of client testimonials are at www.ecfirst.com. For a complimentary 2-day Certified Security Compliance Specialist (CSCS) program delivered at your site, please contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.ecfirst.com. Only qualified organizations will be considered. Session will be confirmed after review by ecfirst.com. Certain terms and conditions apply.