PCI Compliance
Posted: 2008-12-02
By Dave Anderson, senior manager, product marketing, ArcSight
SC Magazine / IT Defense Magazine, December 05, 2007
PCI ε(merchant) PCI ǿ ִ ħ μ, PCI ǥ(DSS) ٸ ǥذ ǥ̴. PCI ̳ γ ȸ ö ̾ ȯ ȸ Ѵ. , PCI ǥ Ȯ ؼ ϴ Ϸ õ鿡 ϰ ִ. ȸ Ϸ ݸ, ȸ鿡 ΰ Ͱ ȣ ִٴ Ȯϵ Ȱ ö̾ μ, غؾ ϴ Ϲ ̽ ִ.
Ͻ
ΰ ͷ ܺ ȭν, ʹ Ǿ ִ. PCI ϸ, ȸ ȣϱ ϰ ִٴ due diligence( ) ־ Ѵ.
ȸ ϰ ִ. ڿ ó ְ, ˾ƾ ʿ伺 ٰ Ͻ ΰ ε鸸, 鿡 Ȱִ Ϳ ϰ ִٴ Ȯϰ ִ. ü ȣۿ ϱ Ѵ: , , . ̷ ħ ״. иϰԵ, ϸ鼭 ȿ ϴ ȸ ڵκ Ȯ ִ.
ε ġ ϰ θ л Ʈũ ִ.̷ ū ý PCI ִ ϴ ̰, Ŀ ̷ ý۵ Ͽ Ǵ ȿ ĸϰ ϴ ְ ؾ . PCI ϱ , ȸ ȿ 100ۼƮ α ϰ ؾ Ѵ.
Ʈũ Ʈ Ÿ Ʈ ε鿡 Ŀٶ ̴. Ʈũ 뿪 ε پ ȯ ƿ ִ Ϲ ǵ Ӹ ƴ϶, 뿪 , ߿ ̺Ʈ α ġ 켱 ϴ ַ ʿϴ.
ȸ PCI Ͽ ֳ?
, ȸ ø̼, POS ġ, ͺ̽, Ž ̼ ýκ ̺Ʈ ҽ ϰų м ʾҴ. , PCI ü ī ΰ ϰ Ȯǵ ̷ ΰ ý ۵ ϴ ̺Ʈ , м ϵ Ѵ.
α
PCI ī , μ Ǵ ϴ ITġ Ǵ ýۿ ģ. 100 ۼƮ ĸİ ȸ ڻ ȣ 䱸ȴ. ̴ ITȯ濡 IT ý۵ ϱ , ڻ Ȯ ־.
̵ ϴ ý۵ ټ ŷ ʴ. ý ü Ʈũ ְ, Ʈ , , ݼ , â ϴ Ҹ ¶ ý ٸ Ѵ. ̵ ο α ǵ ȸ ü IT ̷ ̺Ʈ , ϰ мϴ ַ ϵ .
Ȱ
Ǽ Ǵ ൿ ϰ, ε, Ͻ Ʈ , ڵ Ʈ ī ȿ ȴ. PCI ý۵ ø̼ ϴ ϰ, ϴ ΰ ڵ ѹ Ĵ ൿϰ ִ Ȯϰ ħ ȣ ʿ ȴ.
ȸ Ʈũ Ա ܼ ڵ ϴ ʴٴ ˰ ִ; ֵ ϱ ü Ʈũ Ͽ Ȱ ϰ ؾ Ѵ. ̴ ε PCI ϴ پ ý۰ ø̼ǿ پ ڸ ID ֱ ε ID ϰ ϴ Ѵ.
켱ȭ
ȸ ü ĺϰ ϴ ֽ Դ. Ϲ IT Ŀ Ͻ μ , IT Ͻ ߸ صǾ, յ ʾҰ ɰϰԴ ̷. IT ö̾ Ǵ ϸ װ͵ óϴ ͵̾. , IT Ͻ ִ. IT Ͻ ĥ ִ 鸸 ٷ ϴ Ϳ ϰ ִ. ü Ͻ ξ ȿ ϰ ū ġ ڿ ڸ Ҵϵ ´.
Ȱ ö̾ best practice ٹ
PCI ū ϳ ö̾ ǥ ̳ Ǵ ̴. SOX, ISO17799 ٸ, ǥص ȸ Ȱ ö̾ ؾ ΰ ֽϴ ݸ, PCI ǵ ִ ü λ Ѵ. ö̾ ϱ ʿ , å ġϱ ̵μ PCI ϰ ִ.
Advantage? Best practice PCI Ӹ ƴ϶, ȯ Ʋ due diligence( ) ſ åӰ ִ. α , , , ־, best practice ٹ Ŀ´Ƽ θ Ǵ Ϸ Ϲ μ, å ϵ Ѵ.
Ͻ ó ȯ濡 ִ 鿡 Ѵ. ü ϱ ý۵ ԵǴ ϴ Ϳ, ȸ ̷ 鿡 ο ٹ ν, ü ö̾ ѷ ϰ ϴ Ҵ. ȸ ī Ϳ ΰ ȣϵ ִ μ ϱ ū μ, PCI Ѵ. PCI ȸ ü Ʋ Ȱ ö̾ ¸ ϵ ´. ᱹ ֿ ƴϰڴ°?