Complying with PCI DSS – Part 6: Maintain an Information Security Policy

Maintain a policy that addresses information security for all personnel.

According to the PCI SSC, there are 12 PCI DSS requirements that satisfy a variety of security goals. Areas of focus include building and maintaining a secure network, protecting stored cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining information security policies. The essential framework of the PCI DSS encompasses assessment, remediation, and reporting. We’re exploring how F5 can help organizations gain or maintain compliance, and this last entry, Maintain an Information Security Policy, covers PCI Requirement 12. Earlier parts of the series: Complying with PCI DSS–Part 1: Build and Maintain a Secure Network; Complying with PCI DSS–Part 2: Protect Cardholder Data; Complying with PCI DSS–Part 3: Maintain a Vulnerability Management Program; Complying with PCI DSS–Part 4: Implement Strong Access Control Measures; and Complying with PCI DSS–Part 5: Regularly Monitor and Test Networks.

Requirement 12: Maintain a policy that addresses information security for all personnel.

PCI DSS Quick Reference Guide description: A strong security policy sets the security tone for an entire organization, and it informs employees of their expected duties related to security. All employees should be aware of the sensitivity of cardholder data and their responsibilities for protecting it.

Solution: The spirit of this requirement is to ensure the adoption of a Corporate Information Security Policy (CISP). F5 solutions are policy-based, but by themselves they do not meet this requirement: F5 products facilitate adherence to the CISP, but they do not constitute a CISP. That said, F5 products can help organizations roll out business policies and security policies together. Applications needn’t be built and deployed in a vacuum; F5 technologies can be implemented in conjunction with corporate policies that address information security.

Since the inception of the PCI DSS, organizations have been laboring to understand, implement, and comply with its guidelines. Often, achieving that goal requires deploying and managing several different types of devices. The BIG-IP platform enables organizations to understand inherent threats and take specific measures to protect their web application infrastructures and to satisfy many PCI DSS requirements.

ps


About Peter Silva

Peter Silva covers security for F5’s Technical Marketing Team. After working in professional theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T, managing customers on the original AT&T WorldNet network.

With his telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, and speaking, along with overall product evangelism for F5’s security line. He’s also produced over 100 videos and recorded over 50 audio whitepapers. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.