strategy secures even the manner in which information is arranged from easy outside observation.

Proactively Implement Standards

Many standards exist for securing information and networks, including architectural models such as CObIT and ITIL (see Chapter 2). In addition to these guidelines, many industries are evolving mandated security practices that can be used to plan proactively for future state defensive requirements. As one example, the Payment Card Industry (PCI) Data Security Standards provide a basic framework for protecting data related to credit card transactions (see Table 3.2).
Table 3.2 PCI Data Security Standards

Standard                                   Implementation
Build and maintain a secure network        Install and maintain a firewall.
                                           Do not use default settings for passwords and other security parameters.
Protect cardholder data                    Protect stored data, including backup media.
                                           Encrypt data during transmission across public networks.
Maintain a vulnerability management        Employ regularly updated antivirus software.
program                                    Develop and maintain secure systems and applications.
Implement strong access-control            Restrict data access to least necessary.
measures                                   Assign a unique ID to each user.
                                           Restrict physical access to cardholder data.
Monitor and test networks                  Monitor and log all network access to cardholder data.
                                           Regularly test security systems and practices.
Maintain an information security policy    Maintain clear security policies.
                                           Ensure adequate training and awareness.

Source: MasterCard International.
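As an added illustration (not part of the book), the script below turns the technically checkable items of Table 3.2 into an automated audit over a constructed host inventory; the inventory fields, the default-credential list and the seven-day signature-age threshold are assumptions made for this example, and the items that need human or physical verification (least-necessary access, physical access, policy, training) are deliberately left to a manual review.

```python
from datetime import date

# Constructed list of vendor default credentials; a real audit would use the
# organisation's own list. Assumption for this example.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "password")}
# Assumption: "regularly updated" antivirus means signatures less than a week old.
MAX_SIGNATURE_AGE_DAYS = 7


def audit_host(host: dict, today: date) -> list:
    """Return the Table 3.2 implementation items that this host fails.

    `host` is a constructed inventory record; its fields are assumptions
    made for this example, not a PCI-defined schema.
    """
    failures = []
    if not host.get("firewall_enabled"):
        failures.append("Install and maintain a firewall")
    if any((a["user"], a["password"]) in DEFAULT_CREDENTIALS for a in host["accounts"]):
        failures.append("Do not use default settings for passwords")
    # A shared login defeats "assign a unique ID to each user".
    if any(a.get("shared") for a in host["accounts"]):
        failures.append("Assign a unique ID to each user")
    # Cardholder data leaving on a public-facing service must be encrypted.
    if host.get("stores_cardholder_data") and any(
            s["public"] and not s["tls"] for s in host["services"]):
        failures.append("Encrypt data during transmission across public networks")
    if (today - host["av_signature_date"]).days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("Employ regularly updated antivirus software")
    if host.get("stores_cardholder_data") and not host.get("access_logging"):
        failures.append("Monitor and log all network access to cardholder data")
    return failures


def audit_all(hosts: list, today: date) -> dict:
    """Map each host name to its list of failed items."""
    return {h["name"]: audit_host(h, today) for h in hosts}


# Constructed inventory: one compliant host and one legacy host with several gaps.
SAMPLE_HOSTS = [
    {"name": "pos-gateway", "firewall_enabled": True, "stores_cardholder_data": True,
     "access_logging": True, "av_signature_date": date(2024, 3, 1),
     "accounts": [{"user": "alice", "password": "S3cure!pass", "shared": False}],
     "services": [{"name": "https", "public": True, "tls": True}]},
    {"name": "legacy-db", "firewall_enabled": False, "stores_cardholder_data": True,
     "access_logging": False, "av_signature_date": date(2023, 12, 15),
     "accounts": [{"user": "admin", "password": "admin", "shared": True}],
     "services": [{"name": "ftp", "public": True, "tls": False}]},
]
AUDIT_DATE = date(2024, 3, 4)  # constructed audit date

if __name__ == "__main__":
    for name, failed in audit_all(SAMPLE_HOSTS, AUDIT_DATE).items():
        print(name, "OK" if not failed else "; ".join(failed))
```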