Protecting Cardholder Data

The Experts below are selected from a list of 9 Experts worldwide ranked by ideXlab platform

Branden R. Williams - One of the best experts on this subject based on the ideXlab platform.

  • Chapter 6 – Protecting Cardholder Data
    PCI Compliance, 2020
    Co-Authors: Anton A. Chuvakin, Branden R. Williams
    Abstract:

    Publisher Summary: The Payment Card Industry Data Security Standard (PCI DSS) requirement to protect cardholder data covers two elements: protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks. In the case of PCI DSS, logging and monitoring requirements are meant to provide auditing and monitoring for the infrastructure. This key tenet is about knowing who is doing what with the data at any given time, and being able to prove it via logging and monitoring. PCI standards dictate that stored cardholder data can be rendered unreadable, such as by being encrypted, masked, truncated, or tokenized. Encryption will protect the data from being used by malicious hackers, and thus the goal of PCI DSS, which is to reduce the risk of transactions, will be preserved. Only upon failing to protect the data with strong cryptography does PCI DSS allow implementing compensating controls to mitigate the risk if one is unable to meet this requirement directly. PCI DSS mandates certain key management practices if encryption is the chosen method of rendering data unusable. The document details 12 different items for the proper management of encryption keys.

  • Protecting Cardholder Data
    PCI Compliance, 2020
    Co-Authors: Branden R. Williams, Anton A. Chuvakin, Derek Milroy
    Abstract:

    This chapter explains how to protect the card data stored in your systems, as well as how to protect data while it is in transit on your network.

  • Chapter 6 Protecting Cardholder Data
    PCI Compliance (Second Edition): Understand and Implement Effective PCI Data Security Standard Compliance, 2010
    Co-Authors: Anton A. Chuvakin, Branden R. Williams
    Abstract:

    Publisher Summary: The Payment Card Industry Data Security Standard (PCI DSS) requirement to protect cardholder data covers two elements: protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks. In the case of PCI DSS, logging and monitoring requirements are meant to provide auditing and monitoring for the infrastructure. This key tenet is about knowing who is doing what with the data at any given time, and being able to prove it via logging and monitoring. PCI standards dictate that stored cardholder data can be rendered unreadable, such as by being encrypted, masked, truncated, or tokenized. Encryption will protect the data from being used by malicious hackers, and thus the goal of PCI DSS, which is to reduce the risk of transactions, will be preserved. Only upon failing to protect the data with strong cryptography does PCI DSS allow implementing compensating controls to mitigate the risk if one is unable to meet this requirement directly. PCI DSS mandates certain key management practices if encryption is the chosen method of rendering data unusable. The document details 12 different items for the proper management of encryption keys.

Anton A. Chuvakin - One of the best experts on this subject based on the ideXlab platform.

  • Chapter 6 – Protecting Cardholder Data
    PCI Compliance, 2020
    Co-Authors: Anton A. Chuvakin, Branden R. Williams
    Abstract:

    Publisher Summary: The Payment Card Industry Data Security Standard (PCI DSS) requirement to protect cardholder data covers two elements: protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks. In the case of PCI DSS, logging and monitoring requirements are meant to provide auditing and monitoring for the infrastructure. This key tenet is about knowing who is doing what with the data at any given time, and being able to prove it via logging and monitoring. PCI standards dictate that stored cardholder data can be rendered unreadable, such as by being encrypted, masked, truncated, or tokenized. Encryption will protect the data from being used by malicious hackers, and thus the goal of PCI DSS, which is to reduce the risk of transactions, will be preserved. Only upon failing to protect the data with strong cryptography does PCI DSS allow implementing compensating controls to mitigate the risk if one is unable to meet this requirement directly. PCI DSS mandates certain key management practices if encryption is the chosen method of rendering data unusable. The document details 12 different items for the proper management of encryption keys.

  • Protecting Cardholder Data
    PCI Compliance, 2020
    Co-Authors: Branden R. Williams, Anton A. Chuvakin, Derek Milroy
    Abstract:

    This chapter explains how to protect the card data stored in your systems, as well as how to protect data while it is in transit on your network.

  • Chapter 6 Protecting Cardholder Data
    PCI Compliance (Second Edition): Understand and Implement Effective PCI Data Security Standard Compliance, 2010
    Co-Authors: Anton A. Chuvakin, Branden R. Williams
    Abstract:

    Publisher Summary: The Payment Card Industry Data Security Standard (PCI DSS) requirement to protect cardholder data covers two elements: protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks. In the case of PCI DSS, logging and monitoring requirements are meant to provide auditing and monitoring for the infrastructure. This key tenet is about knowing who is doing what with the data at any given time, and being able to prove it via logging and monitoring. PCI standards dictate that stored cardholder data can be rendered unreadable, such as by being encrypted, masked, truncated, or tokenized. Encryption will protect the data from being used by malicious hackers, and thus the goal of PCI DSS, which is to reduce the risk of transactions, will be preserved. Only upon failing to protect the data with strong cryptography does PCI DSS allow implementing compensating controls to mitigate the risk if one is unable to meet this requirement directly. PCI DSS mandates certain key management practices if encryption is the chosen method of rendering data unusable. The document details 12 different items for the proper management of encryption keys.

Derek Milroy - One of the best experts on this subject based on the ideXlab platform.