Cisco Blogs


Cisco Blog > Security

Attend the PCI Community Meeting and be Heard!

The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. According to the PCI SSC, 2012 is a critical year in the standards development process that hinges on feedback from the PCI community.

Getting the latest information about the PCI Data Security Standard (DSS) is vital as products and technologies continue to change at a rapid pace. Being part of the conversations, networking with like-minded professionals, and interacting directly with payment card brands are just a few of the benefits of attending the sixth annual PCI SSC North American Community Meeting. The meeting runs September 12—14, 2012 at the Walt Disney World Swan and Dolphin Resort in Orlando, Florida.

Read More »

Tags: , , ,

Simplifying PCI Compliance for SMBs

Payment Card Industry (PCI) compliance can often be overwhelming for all enterprises, let alone small and medium businesses (SMBs).  Given limited budgets and IT resources, SMBs face an even greater challenge than large enterprises.

The PCI Data Security Standard (DSS) 2.0 is complex on several levels:

  • It requires expertise on a range of network systems and security technologies.
  • It requires continual monitoring and management of access to cardholder data.
  • There is no “silver bullet” technology that can address a growing list of detailed standards and requirements. Technologies such as encryption, tokenization, as well as Europay, MasterCard, and Visa (EMV) smartcards address portions of your infrastructure, but none provide a single compliance solution.
  • It’s dynamic and requires ongoing diligence.  Being compliant at the time of your audit is a snapshot in time that requires simplified maintenance.

These requirements take time, effort and funding, which are all in short supply in SMBs.

Help is at hand. Cisco and many of its partners offer cost-effective PCI compliance services--including assistance for SMBs as they complete their self-assessment questionnaire or assess PCI readiness.   In a recent article  authored by Cisco and partners Verizon Business and Presidio, we examine ways to simplify compliance for small and medium businesses.  Learn the 5 key strategies to securing your customer information while incorporating security best practices from Aaron Renolds, QSA and Principal Consultant at Verizon Enterprise Solutions and Sean Wallis, Senior Security Consultant at Presidio Networked Solutions.

Advice to Managers: Five Ways to Simplify Your PCI 2.0 Compliance:

http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/do_business_better/advice_to_managers/index.html

Tags: , , , , , , ,

Compliance-minded? Join the Conversation!

Share your knowledge by taking the 5-minute Cisco Regulatory and Industry Compliance Survey

Greetings from Cisco’s Compliance Solutions team!

Over the past several years, we have developed an architectural approach to achieving and maintaining regulatory and industry compliance. Our latest work provides – in great detail – both a framework for achieving PCI DSS compliance and recommendations about how to make your Cisco-based network PCI compliant.

To address the topic with authority, we integrated Cisco and technology partner products together into a comprehensive solution based on foundational Cisco architectures, had a QSA auditor – Verizon Business – assess it for PCI DSS 2.0 compliance, and documented the results in a publicly-available Design and Implementation Guide which can be found here: www.cisco.com/go/pci

Our team’s broader vision is to enable Cisco customers to manage risk by achieving and maintaining compliance with a broad range of regulatory and industry mandates. We believe that

  1. Your challenges around compliance are growing and that you are looking for sound guidance as you work to achieve and maintain compliance with multiple mandates;
  2. The value we deliver starts with a thoughtfully-developed architectural framework but also includes a broad array of Cisco and partner technology that has been tested and assessed by third party auditors;
  3. Integrated and proven compliance solutions will give you confidence in Cisco’s ability to act as the foundation for achieving and maintaining compliance.

Looking forward, we plan to engage in conversations with our readers. You will hear from the team regularly on a variety of topics and we’ll ask about your views as they relate to compliance. Your thoughtful responses will help guide our future work.

In that spirit, we are very interested in your thoughts right now! We developed the “2012 Cisco Regulatory and Industry Compliance Survey” which can be found at:
https://www.ciscofeedback.vovici.com/se.ashx?s=6A5348A773762B88

The survey is anonymous and it will take about 5 minutes to complete. In future blog posts, we will share the results with you.

Thanks in advance for your contribution.

Cisco Compliance Solutions Group
www.cisco.com/go/pci

Tags: , , , ,

Anatomy of a Data Breach: Part II

Don’t be the Next Victim

Even as the latest breach headline fades away, we all know there is another waiting in the wings (read Part I of my blog). How can organizations protect themselves? There is no panacea for securing a payment environment, and implementing advanced technology alone will not make an organization compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS provides a solid foundation for a security strategy that covers payment and other types of data, but overall security does not begin and end with PCI compliance. Therefore, an organization’s security strategy should employ best practices and an architecture that will not only facilitate PCI compliance, but also help secure the cardholder environment, prevent identity theft, reliably protect brand image and assets, mitigate financial risk, and provide a secure foundation for new business services.

Read More »

Tags: , , , , , , ,

Anatomy of a Data Breach: Part 1

Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids.  However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall for to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fund raiser.  In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…

With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us.  So, how are these breaches continuing despite all of the efforts to secure customer data?  In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.

Anatomy of a Data Breach:

It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today.  It should come as no surprise in a world of big data, that it is harder than ever for organizations to protect their confidential information.  Complex, heterogeneous IT environments make data protection and threat response very difficult.

Read More »

Tags: , , , , , ,