SimonStapleton.com

PCI Compliance & Network Segmentation


Do you want to become PCI DSS (Payment Card Industry Data Security Standard) compliant? If so, you must understand network segmentation. Segmentation means isolating the systems that handle cardholder data behind controls that meet the standard's data security requirements. Below are some key ideas related to network segmentation:

The Cardholder Data Environment (CDE)

The Cardholder Data Environment contains a person’s private information. This data comes from their credit or debit card. If you have access to the CDE, you can see information like account numbers and expiration dates.

You need to protect the CDE. If hackers gain access to it, they can put false charges on customers’ credit and debit cards. Cardholder data environments can be found in many places: if a computer or system works with credit and debit card data, it is part of the CDE. Here are some examples of components that can form a CDE:

  • Networking devices
  • Computers
  • Servers

How PCI DSS and Network Segmentation Work Together

To protect the cardholder data environment, you must protect the cardholder data itself. Cardholder data could enter a device in many ways; USB drives, Bluetooth devices, and virtual machines are just a few. Because there are many ways data could enter a system, there are many ways that hackers could access it. You need to protect all of these ‘entry points’.

How Companies Scope Systems

To scope your PCI DSS assessment, you must look at the different ways data could enter your systems. Write down where you receive cardholder data from. Then, think of all the ways someone could access it.

Next, you must figure out where you work with data. To identify these places, you’ll need to know:

  • Who handles the cardholder data?
  • What do they do with the cardholder data?
  • What software and tools work with the data?

At this point, you will have identified the people and places that work with the CDE. Now you will have to create controls and limits that protect your information. You can do this by encrypting the data. You should also apply other data security controls.

It is your responsibility to make sure that hackers cannot access customer information. Any time you change something in the CDE, you will need to review and update your security measures.
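The scoping exercise above (where data lives, who can reach it) can be checked mechanically. The following is an added example, not code from the original post: it takes a constructed host inventory and a constructed firewall policy and classifies each host as CDE, connected-to (in scope because it can reach the CDE), or out of scope, and it flags cardholder-data hosts that sit outside the dedicated CDE segment, since each of those pulls its whole segment into scope. The hostnames, segment names and flows are all invented for illustration.

```python
# Added example (not from the original post): classify hosts for PCI DSS
# scoping. Hosts handling cardholder data are CDE; hosts whose segment can
# reach a segment holding a CDE host are "connected-to"; the rest are out.

# Constructed inventory: hostname -> (network segment, handles cardholder data?)
INVENTORY = {
    "pos-terminal-01": ("cde", True),
    "payment-db": ("cde", True),
    "web-store": ("dmz", True),    # takes card numbers from customers
    "jump-host": ("mgmt", False),
    "hr-wiki": ("corp", False),
    "printer-02": ("corp", False),
}

# Constructed firewall policy: (source segment, destination segment) pairs
# that are permitted; anything not listed is denied (default deny).
ALLOWED_FLOWS = {
    ("dmz", "cde"),
    ("mgmt", "cde"),
    ("corp", "dmz"),
}

def cde_segments(inventory):
    """Every segment holding at least one cardholder-data host."""
    return {seg for seg, handles in inventory.values() if handles}

def classify(inventory, allowed_flows):
    """Return hostname -> 'cde' | 'connected-to' | 'out-of-scope'."""
    in_scope_segs = cde_segments(inventory)
    result = {}
    for host, (seg, handles) in inventory.items():
        if handles:
            result[host] = "cde"
        # Same segment as a CDE host, or a permitted flow in either direction
        elif seg in in_scope_segs or any(
                (seg, dst) in allowed_flows or (dst, seg) in allowed_flows
                for dst in in_scope_segs):
            result[host] = "connected-to"
        else:
            result[host] = "out-of-scope"
    return result

def misplaced_hosts(inventory, cde_segment="cde"):
    """Cardholder-data hosts outside the dedicated CDE segment; each one
    drags its whole segment, and anything allowed to reach it, into scope."""
    return sorted(h for h, (seg, handles) in inventory.items()
                  if handles and seg != cde_segment)

if __name__ == "__main__":
    for host, category in classify(INVENTORY, ALLOWED_FLOWS).items():
        print(f"{host:16} {category}")
    print("misplaced:", misplaced_hosts(INVENTORY))
```

With the sample data every host lands in scope, because web-store handles card data from the DMZ and the corporate segment is allowed to reach the DMZ; moving web-store into the CDE segment takes the corporate hosts out of scope again.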

Transferring Risks to Third-Party Service Providers

Third-party service providers help your business. They may also work with your cardholder data environment. Unfortunately, this also means that they can put your security at risk.

If you work with any third parties, ask them to prove that they are compliant. You may ask them to show proof that they have completed a security assessment. Choose service providers with care, and always put your customers’ security first.


About the author


Simon is a creative and passionate business leader dedicated to having fun in the pursuit of high performance and personal development. He is co-founder of Applied Change, a Business Change consultancy based in the UK. Simon is also an Ambassador for Gloucestershire business. Simon is an Associate Member of the Chartered Institute of Professional Development.
