There are innumerable ways that data thieves can attack and penetrate your network. As the saying goes, it's not if your systems will be breached, but when. Every organization, especially those that handle PCI data, should operate under the assumption that sooner or later it will be breached.
The new best practices to protect sensitive data and the data flow throughout the enterprise are designed with this assumption in mind. They are about reducing risk of data loss, and responding quickly to attacks when they occur.
First, minimize the amount of sensitive data you collect and store. Some elements, such as PINs and CVV/CVC codes, are prohibited from being stored, but in general, if you are not using certain data but you store it anyway, you are only increasing risk with no return. If you are using it, or planning to, minimize the number of systems that store or process sensitive data. This will make it easier to protect, as you will have less to defend. The next step is to implement data security, as required by PCI DSS. While access controls provide a basic level of protection, they do nothing to protect the data flow, and the PCI Council has recognized a need to go beyond them. Data security is applied in one of two ways: coarse-grained security at the volume or file level, or fine-grained security at the column or field level.
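As an added illustration of the minimization and field-level steps described above (example code written for this page, not from the original article or from any PCI Council material), the function below takes one transaction record, drops the fields that must never be persisted after authorization, and replaces the PAN with a truncated form plus a keyed one-way token before anything reaches storage. The field names, the sample record and the demo key are constructed for the example; the HMAC token stands in for a real token vault or HSM-backed tokenization service, which a production system would use instead.

```python
import hashlib
import hmac

# Sensitive authentication data that PCI DSS prohibits storing after authorization.
# Field names are assumptions for this example; map them to your own schema.
PROHIBITED_FIELDS = {"cvv", "cvc", "pin", "pin_block", "track_data"}

# Constructed demo key; a real deployment keeps this in a key manager, never in code.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample record as it might arrive from an authorization step.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/29",
    "amount": "19.99",
    "merchant_ref": "order-0001",
}


def _digits(pan: str) -> str:
    """Strip spaces and separators so the PAN is handled as a digit string."""
    return "".join(ch for ch in pan if ch.isdigit())


def truncate_pan(pan: str) -> str:
    """Render the PAN unreadable for display: keep at most the first six and
    last four digits, masking everything in between."""
    digits = _digits(pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN length out of range")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def tokenize_pan(pan: str, key: bytes) -> str:
    """Keyed one-way token so records for the same card can be linked without
    storing the PAN. Simplification for the example: production systems use a
    token vault or HSM rather than a bare HMAC."""
    return hmac.new(key, _digits(pan).encode(), hashlib.sha256).hexdigest()


def minimize_record(record: dict, key: bytes) -> dict:
    """Apply field-level controls to one record before it is stored:
    prohibited fields are dropped, the PAN is replaced by its truncated form
    and a token, and all other fields pass through unchanged."""
    out = {}
    for name, value in record.items():
        lname = name.lower()
        if lname in PROHIBITED_FIELDS:
            continue  # never persisted, not even encrypted
        if lname == "pan":
            out["pan_truncated"] = truncate_pan(value)
            out["pan_token"] = tokenize_pan(value, key)
            continue
        out[name] = value
    return out


def prohibited_fields_present(record: dict) -> list:
    """Audit helper: list any prohibited fields still present in a record,
    useful as a check on data that is about to be written to disk."""
    return sorted(name for name in record if name.lower() in PROHIBITED_FIELDS)


if __name__ == "__main__":
    stored = minimize_record(SAMPLE_RECORD, DEMO_KEY)
    print(stored)
    print("prohibited fields left:", prohibited_fields_present(stored))
```

Because the controls are applied per field rather than to the whole file or volume, the stored record stays usable for reporting and reconciliation while carrying nothing an attacker could replay as a card payment; a volume-level control would protect the same data at rest but leave the full PAN and CVV readable to any process or person with access to the running system.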