PCI Implementation

Unanswered Question
May 21st, 2007

Hi,


Can you please guide me on how to set up Payment Card Industry? What security products are required and how to implement those products?


Waiting for your reply.


Regards

Sivaji.P

qbakies11 Mon, 12/10/2007 - 13:08

I just had this dropped in my lap last week and told we have to be PCI compliant before January 1st. Do you think that is feasible? I'm not a security expert but I am the Infrastructure guy.

chjanoff Mon, 12/10/2007 - 15:20

If you are talking about Jan 1, 2008 and your company is just now starting, it does not sound feasible to me.

Of course, it depends on many factors, like the size of your company, your existing policy and the existing configurations of your infrastructure.

But, based on your note, I would say your company has identified a red flag.

mpipkin Tue, 12/11/2007 - 12:09

I think one of the first things you need to do is download the PCI Self Assessment and PCI DSS. Then, depending on what policies, processes, procedures, documentation you have, make a decision as to whether you want to set out alone remediating. If your company is big and you have a long ways to go, I would suggest getting a partner to assist in remediation. We decided to do the remediation ourselves but we contracted with a company to give us a roadmap.


As far as the actual security products needed, there is nothing specifically named. It is more of a set of guidelines for minimum functionality. Basically, if you go through the DSS, you can start to carve out what products will work for you in each area. I think that process took us longer than anything.

pplsi Wed, 12/26/2007 - 11:33

You really need a good assessment/audit from a 3rd party organization that is PCI certified, like Fishnet or ISS, and I'm sure there are others as well.


You will not be ready by Jan 1 of 2008, not even close. Your first step is to find out what you need to remediate and this is best done by a PCI audit.


ISS actually did our audit and helped write a document stating what failed and how we will resolve these issues. We were also granted time to get into compliance.


