The Retailer's Guide to Becoming and Remaining PCI Compliant
No retail organization wants to be a target, but the reality within the modern threat landscape is that each and every retailer that deals with credit cards is guaranteed to become the target of cyber threats. Being PCI compliant is the first step in ensuring that a standard security framework is applied throughout all the systems that store, transmit or process critical data.
Retailers need a way to ensure that they're protecting their systems adequately while maintaining control over both their compliance risk and their security risk. There are many steps retail organizations can take to ensure continuous security and compliance in their fight against modern cyber threats.
Visibility and Distinguishability
To control the cost and administrative load of the compliance process, it is worth spending time to adequately scope or segment the parts of the infrastructure that have PCI relevance. This exercise helps to prioritize the approach to compliance and to identify the critical systems and data that require focus. Assets can be prioritized by data criticality through segmentation, helping administrators avoid the increased complexity of the compliance metrics to which the in-scope data is held.
The most recent version of PCI calls for a focus on the business process, or "Business as Usual" (BAU), which helps organizations focus on the business process involved in both processing data and continuing to do business. Solutions that provide full visibility and monitoring of enterprise assets, and that focus on the business process or a trust policy, help organizations get a handle on their infrastructure in a less intrusive way. Once the business policy is established, companies can quickly get a snapshot of the corporate assets that are affected by compliance and gain insight into the level of risk posed to both the compliance and the security of the organization at any given time.