Carol Woodbury and her team refresh everyone's memory as to what PCI means to the IBM i.
While one may think that the Payment Card Industry (PCI) is a thing of the past and that it's already been implemented, that's not the case. Some retailers are just beginning to understand how PCI applies to them, and other organizations have started to accept credit cards when they didn't in the past. Many shops are left wondering what compliance with the PCI standard requires and exactly what it translates into as far as the IBM i is concerned. You see, the PCI standard itself talks about "best practices" and uses very generic language in its descriptions, language that could apply to any computing platform.
SkyView Partners Inc. has provided security services for nearly 11 years and has consulted with both Fortune 1000 companies and small to medium business enterprises. The technical team, led by Carol Woodbury, has had the opportunity to work with many of these enterprises from a PCI perspective. The goal has been to help remediate systems and guide enterprises closer to PCI compliance and to help them understand the relevance of the PCI standard as it applies to the IBM i. In doing the work, it became clear to the team that there was a glaring need to "translate" PCI into IBM i terms because of the generic nature of the standard. To that end, Carol Woodbury and her team created a presentation that helps refresh everyone's memory as to what is covered by PCI and to address what PCI means to the IBM i community and what organizations that use an IBM i need to be aware of.
So let's start with an overview of the standard itself. The Payment Card Industry has developed a Data Security Standard (PCI DSS) that is composed of six major sections with each of those divided into sub-sections for a total of 12 specific areas addressed. Looking at each of the six major sections, you can see what we mean by generic terminology. The six major sections are "Build and maintain a secure network"; "Protect Cardholder data"; "Maintain a vulnerability management program"; "Strong access control measures"; "Regularly test and monitor networks"; and "Maintain an Information Security Policy." The overall intent of each section is to mitigate risk to cardholder data. It's in making this meaningful and relevant for any particular computing platform that things get a little interesting.
In this "Coffee with Carol" webinar session that you are about to view, Carol Woodbury draws on her experience and the experience of her team while consulting with SkyView Partners' clients and helping them with their PCI DSS implementation and compliance requirements. Carol touches on each of the six major sections and the subsequent 12 subsections of the Payment Card Industry's Data Security Standards (PCI DSS) and describes specifically how each relates to the IBM i community.