PCI Security Policy Solutions
About the Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI-DSS) is a common set of security controls for protecting credit card information, maintained by the PCI Security Standards Council. All members, merchants and service providers that store or process credit cards are subject to these data protection standards. Our products can save you thousands of dollars and hundreds of man-hours building and updating security policies for PCI-DSS compliance.
Requirement 12 of the PCI standard states that every organization should "maintain a policy that addresses information security for employees and contractors." Critical to this requirement is that the security policies cover all of the technical requirements within the standard.
The PolicyShield Security Policy Subscription Service contains everything an organization needs to build and maintain a complete set of written information security policies and keep them up to date based on the latest threats. It includes a comprehensive library of over 1400 pre-written information security policies and expert commentary covering each of the security areas identified within PCI-DSS.
Sample Security Policy Topics included:
Building and Maintaining Firewalls; Data Encryption and Key Management; User Password Management; Privilege Management; Physical Security; Protection Against Malicious Software; Information Security Training; Event Logging; Network Security; System Acceptance and much more.
Documented Information Security Roles
The PCI Data Security Standard also requires defining and documenting information security roles and responsibilities. Section 12.4 states that organizations must "Ensure the security policy and procedures clearly define information security responsibilities for all employees and contractors."
Information Security Roles & Responsibilities Made Easy provides over 40 pre-written security-related job descriptions and practical, step-by-step instructions on how to develop and document your security organization. Based on the 25-year consulting experience of Charles Cresson Wood, this time-saving resource includes standard practices that have been effective at over 125 organizations around the world.
Ongoing Security Awareness Requirements
Key to maintaining a secure environment is the education and awareness of employees and contractors. Our security awareness products help educate all users on safe information handling.
Protecting Information is a unique quarterly security and privacy awareness newsletter designed for this exact requirement. Protecting Information is edited by data privacy and security expert Rebecca Herold, CISSP, CISM and goes well beyond traditional newsletters, providing audio files and interactive exercises to engage personnel and help them truly understand security and privacy concepts.
As an additional bonus, each issue includes a companion subscription to Awareness Advisor, a special newsletter containing practical, time-saving advice for security and privacy practitioners written by security, privacy and education expert Rebecca Herold. Contact us for a free evaluation version of Protecting Information.