Information Security Program Development
The Payment Card Industry Data Security Standard, otherwise known as "PCI-DSS" or simply "PCI", is a semi-comprehensive security standard which includes requirements for security management, policies, procedures, network architecture, software design, and other protective measures.
Notice the word "requirements" in the above statement? There could be sanctions levied against non-compliant organizations, especially those found to have experienced a breach involving payment card data.
PCI-DSS was created by the founders of the PCI Security Standards Council, which was formed in 2004 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc.
The purpose of PCI-DSS is to enhance the security of payment account information (credit cards, debit cards, etc.), and the standard is focused primarily on that end.
The most current version of PCI-DSS is version 1.2. Reference: About the PCI Data Security Standard (PCI DSS)
The standard is built and organized into the following six categories:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
Organizations that handle credit and/or debit card data in any way should certainly maintain compliance with the standard, but FRSecure does not recommend using this standard as the model for an information security program. PCI-DSS is simply too narrowly focused.
Compliance does not equal good information security, but conversely, good information security does equal compliance. There is value in good information security, much more than that found in compliance. - FRSecure
PCI DSS and its effectiveness were the subject of a congressional hearing on March 30th, 2009. See the ComputerWorld story here.
FRSecure is not a PCI-DSS QSA (Qualified Security Assessor), nor does FRSecure plan to become one in the near future.
Copyright © 2009 FRSecure LLC. All Rights Reserved.