5 MOST COMMON PCI FAILURE AREAS
- Regularly test security systems and processes
- Track and monitor all access to network resources and cardholder data
- Maintain a policy that addresses information security for all personnel
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
QUESTIONS TO ASK YOURSELF… SOONER RATHER THAN LATER.
- Where do your PCI-relevant assets live, how are they configured, and how are they segmented from the rest of your network?
- Who accesses these resources (and the other W’s… when, where, what can they do, why and how)?
- What vulnerabilities exist in your PCI-defined network – app,
- What constitutes your network baseline? What is considered “normal/
Ask your team… What do we NEVER want to happen in our PCI environment? How do we capture those events when they do happen?