These are the top 10 questions you can answer right now to secure your environment and help you achieve PCI DSS compliance.
- Are your system components hardened, secured, and locked down? Do you have documented provisioning and hardening guides, forms, and checklists that are used for properly securing and hardening all information systems?
- Do you deploy anti-virus on ALL system components? Is anti-virus pushed out from a centralized AV server? Do you have personal firewalls in place on all workstations and laptops?
- Do you have a two-factor authentication utility in place that is used for accessing the network remotely?
- Have you deployed a Web Application Firewall (WAF) in your network topology?
- Have you enabled audit logging on all in-scope servers, and are those logs sent to an external log server?
- Have you configured all in-scope servers to forward their logs to an external syslog server or a security information and event management (SIEM) system?
- Have you deployed host-based monitoring and file change detection software, also known as File Integrity Monitoring (FIM), on all in-scope servers?
- Have you configured your network topology with an Intrusion Detection System (IDS)?
- Do you have any pre-existing information security policies and procedures in place?
- Do you have sufficient support from all available staff in helping you become PCI DSS compliant?
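The File Integrity Monitoring item above asks whether critical files on in-scope servers are watched for unexpected change. The following is an added example, not code from the original article, showing the core of what a FIM tool does: record a baseline of SHA-256 digests, sizes and permission modes for every regular file under a directory, then re-scan later and report files that were added, removed or modified. The `init`/`check` command names, the JSON baseline format and the hypothetical `/etc` target in the usage comment are assumptions made for this example; a production FIM product additionally protects the baseline itself and ships alerts to the SIEM.

```python
import hashlib
import json
import os
import sys
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, reading it in chunks so
    large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Walk `root` and record digest, size and permission mode for every
    regular file. Symlinks are skipped so a link cannot be used to pull
    an out-of-tree file into the baseline. Paths are stored relative to
    `root` so the baseline is comparable across hosts with the same layout."""
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[str(p.relative_to(root_path))] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def save_baseline(baseline: dict, out_file: str) -> None:
    """Persist the baseline as sorted JSON (assumed format for this example)."""
    Path(out_file).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_file: str) -> dict:
    return json.loads(Path(in_file).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Diff a stored baseline against a fresh scan. A file counts as
    modified when either its content digest or its permission mode changed;
    a size-only change cannot occur without a digest change, so size is
    kept purely as context for the analyst."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in set(baseline) & set(current)
        if baseline[path]["sha256"] != current[path]["sha256"]
        or baseline[path]["mode"] != current[path]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def check_integrity(root: str, baseline_file: str) -> dict:
    """Re-scan `root` and report deviations from the stored baseline."""
    return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    # Usage (hypothetical):  python fim.py init /etc etc-baseline.json
    #                        python fim.py check /etc etc-baseline.json
    if len(sys.argv) != 4 or sys.argv[1] not in ("init", "check"):
        sys.exit("usage: fim.py init|check DIRECTORY BASELINE_FILE")
    command, directory, baseline_file = sys.argv[1:]
    if command == "init":
        save_baseline(build_baseline(directory), baseline_file)
        print(f"baseline written to {baseline_file}")
    else:
        report = check_integrity(directory, baseline_file)
        print(json.dumps(report, indent=2))
        # Non-zero exit lets a scheduler or monitoring agent raise an alert.
        sys.exit(1 if any(report.values()) else 0)
```

Run `init` once on a known-good system, store the baseline somewhere the monitored host cannot silently overwrite, and schedule `check` so that any non-empty report becomes an alert in the log server or SIEM the earlier questions ask about.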