The 12 Sections of PCI DSS and How Each Relates to the IBM i Community PDF Print E-mail
Security - Compliance / Privacy
Written by SkyView Partners, Inc.   
Monday, 25 February 2013 00:00

Support MC Press - Visit Our Sponsors

Forums Sponsor



Search Sponsor



  Bookstore Sidebar Header




Carol Woodbury and her team refresh everyone's memory as to what PCI means to the IBM i.


Editor's Note: This article is an introduction to the webinar "The 12 Sections of PCI DSS and How Each Relates to the IBM i" available free from the MC Webinar Center.


While one may think that the Payment Card Industry (PCI) is a thing of the past and that it's already been implemented, that's not the case. Some retailers are just beginning to understand how PCI applies to them, and other organizations have started to accept credit cards when they didn't in the past. The need to understand compliance with the PCI standard and just exactly what it translates into as far as the IBM i is concerned has left many shops wondering. You see, the PCI standard itself talks about "best practices" and uses very generic language in its descriptions, language that could apply to any computing platform.


SkyView Partners Inc. has provided security services for nearly 11 years and has consulted with both Fortune 1000 companies and small to medium business enterprises. The technical team, led by Carol Woodbury, has had the opportunity to work with many of these enterprises from a PCI perspective. The goal has been to help remediate systems and guide enterprises closer to PCI compliance and to help them understand the relevance of the PCI standard as it applies to the IBM i. In doing the work, it became clear to the team that there was a glaring need to "translate" PCI into IBM i terms because of the generic nature of the standard. To that end, Carol Woodbury and her team created a presentation that helps refresh everyone's memory as to what is covered by PCI and to address what PCI means to the IBM i community and what organizations that use an IBM i need to be aware of.


So let's start with an overview of the standard itself. The Payment Card Industry has developed a Data Security Standard (PCI DSS) that is composed of six major sections with each of those divided into sub-sections for a total of 12 specific areas addressed. Looking at each of the six major sections, you can see what we mean by generic terminology. The six major sections are "Build and maintain a secure network"; "Protect Cardholder data"; "Maintain a vulnerability management program"; "Strong access control measures"; "Regularly test and monitor networks"; "Maintain and Information Security Policy." The overall intent of each section is to mitigate risk to cardholder data. It's in making this meaningful and relevant for any particular computing platform that things get a little interesting.


In this "Coffee with Carol' webinar session that you are about to view, Carol Woodbury draws on her experience and the experience of her team while consulting with SkyView Partners' clients and helping them with their PCI DSS implementation and compliance requirements. Carol touches on each of the six major sections and the subsequent 12 subsections of the Payment Card Industry's Data Security Standards (PCI DSS) and describes specifically how each relates to the IBM i community.


If you are facing PCI, then this webinar is for you. Download the free webinar "The 12 Sections of PCI DSS and How Each Relates to the IBM i" from the MC Webinar Center.



SkyView Partners, Inc.
About the Author:

SkyView Partners is dedicated to providing software to help you solve your security compliance and policy issues. SkyView Partners was founded by John Vanderwall and Carol Woodbury. Prior to forming the partnership with Woodbury to focus on developing a security practice, Vanderwall most recently spent several years as a founder of the software division of an AS/400 security firm and served as vice president of sales and marketing. Woodbury worked for 16 years with IBM in Rochester, Minn., and served for more than 10 years as the AS/400 Security Architect and Chief Engineering Manager of Security Technology for IBM's Enterprise Server Group. During this time, Woodbury provided security architecture and design consultations with IBM Business Partners and large AS/400 customers. She is known worldwide as an author and speaker on security technology, specializing in i5/OS and IBM i security issues. Woodbury has published her third book, IBM i and i5/OS Security & Compliance: A Practical Guide from 29th Street Press, has written numerous articles on security, and is a contributing author on security for MCPress Online and other IBM midrange publishers.

Find out whether your system's security configuration is in compliance with your security policies with SkyView Policy Minder. Find out your system's vulnerabilities lie, receive an explanation of the issues and suggestions on where to start with SkyView Risk Assessor. Generate the audit reports you need for security and compliance without having to understand the complexities of the IBM i audit journal with SkyView Audit Journal Reporter . Let SkyView Partners' Support Team install and configure SkyView products and schedule your automated security compliance reports through the SkyView IBM i Security Compliance Solution.

To find out more about Skyview Partners, Inc. and its products see their listings in the MC Showcase Buyer's Guide.


Last Updated on Thursday, 21 February 2013 15:55
User Rating: / 0