Tag Archives: information
Proper Data Security And Storage Methods (Page 1 of 2)
The PCI DSS (Payment Card Industry Data Security Standard) requires that any merchant who accepts, processes, stores, transmits sensitive credit card information must do everything possible to protect and guard that data. Proper data security and storage, however, can be a difficult thing to do in-house.
Data security and storage comprise a major portion of the PCI DSS and is also a necessary part of maintaining trust with your customers. In an age where personal information is a valuable commodity, customers need to know that their transactions are secure and you have a priority on guarding their personal data.
The third requirement of the PCI DSS states simply: “Protect stored cardholder data.” This may be a simple thing to say, but that doesn’t necessarily make it an easy thing to implement, nor does it downplay the importance. There are quite a few individual security controls that are required before you can say that you have created the proper data security and storage environment.
The first step is encryption. If you must store sensitive information on your own system you must encrypt it. This is a basic step because if a criminal intruder should happen to bypass all the other security measures that are in place, all they will find on your system are strings of random gibberish that are useless without the encryption key.
The next step is to limit the amount of cardholder data on your system. This includes only keeping the data that is absolutely necessary for legal, business, or regulatory purposes. When you don’t need it anymore, get rid of it. The less you have that is worth stealing, the less of a target you become. There are also a few things you’re not allowed to store at all. These include the full contents of any track from the magnetic stripe (like the card verification code or PIN verification value), or the three or four digit validation codes or personal identification numbers.
Of course, even if you’ve taken the steps to electronically protect data by encrypting it, there’s still the possibility that someone inside the company could steal or wrongfully employ the encryption keys. For that reason, the third requirement of the PCI DSS also mandates protecting those keys against misuse and disclosure.
Access to these keys must be restricted to the fewest number of people possible. These keys must also be stored in as few places as possible. Backups are, of course, necessary, but if you end up backing it up in too many places, you’re likely to forget where they all are, or accidentally place one where someone with criminal intentions can get a hold of it.
Requirement numbers seven, eight, and nine also deal with limiting physical access to cardholder data. These mandate that you restrict access to this data by to business need-to-know, and that you assign unique IDs to each person with computer access. These are measures that help ensure that you can trace the source of your problem, should a breach occur.
Is My PC Vulnerable on the Internet? (Page 1 of 2)
Think about this: Is a simple antivirus application enough to protect your PC against all threats?
No longer are viruses the only threat on the internet. In recent years other threats have evolved which include spyware, adware, hacking, identity theft, information theft, pop-ups and the loss of information.
Lets begin with the basics. We all need to protect our PC in the same way we protect our home, car and bank account. We wouldnt give a stranger the keys to our car, home or bank account now would we. If you dont protect your PC it is like giving the keys to a stranger and letting him/her have full access to your PC. Once the stranger has the keys they can snoop around and take whatever they want. I know, your thinking how can they do this, my computer is in my house and my doors are locked. Well, today you can be anywhere in the world and access someones computer via the internet. Since the introduction of cable modems and DSL everyones PC is online all the time and accessible.
Why do I need to protect my PC, I dont keep any important information on it? Ask yourself a couple of questions.
1. Do I bank online? 2. Do I shop online? 3. Do I create documents, spreadsheets? 4. Do I let other people use my PC? 5. Do I download music, files onto my PC?
If you answered yes to any of these questions then your PC is vulnerable. If you bank online then you are sending personal confidential information to your bank via the Internet. For Example: Lets say you are infected with spyware and you are typing in your account number plus password. A spyware installation can record key strokes and then send them off to a site on the internet. Now the person who setup the site has your account number and password to your bank. Here is one more example, if you answered yes to I let other people use my pc, here is what happens. The other person decides that they like this new cool piece of software. They download and double click on the exe, msi or whatever installs the software. The adware, spyware or virus installs. Now the infection is installed and now it can start stealing confidential information or cause havoc on your PC. You get onto the PC as always, since you dont know this has happened and start doing what you always do, type documents, go to chat rooms, do your banking online, reconcile your banking with quicken and all this time your confidential information is stolen and you are completely unaware that this occurred.
The million dollar question, what do I do? Well, you can follow this approach. 1. Install a Spyware application and install and configure correctly. If you already have spyware application installed make sure it is up to date and make sure that is configured properly. 2. Install an Adware application and install and configure properly. If you already have adware application installed make sure it is up to date and make sure that is configured properly. 3. Install an AntiVirus application and install and configure properly. If you already have antivirus application installed make sure it is up to date and make sure that is configured properly. 4. Install backup software, why because if something does get through your defenses or delete something by accident you always have a way of retrieving the information. You should try to backup your system at least every other day. 5. Install Encryption software. This software will encrypt files like word docs, spreadsheets, banking file on quicken. This way if someone does steal your information they will not be able to read it. 6. Install a Firewall. The Firewall can either be software or hardware based. I would install both especially if you bring your laptop with you and connect to the internet at different locations. The Firewall will block hackers trying to scan your system while you are on the Internet.
Is My PC Vulnerable on the Internet? (Page 1 of 2)
Think about this: Is a simple antivirus application enough to protect your PC against all threats?
No longer are viruses the only threat on the internet. In recent years other threats have evolved which include spyware, adware, hacking, identity theft, information theft, pop-ups and the loss of information.
Lets begin with the basics. We all need to protect our PC in the same way we protect our home, car and bank account. We wouldnt give a stranger the keys to our car, home or bank account now would we. If you dont protect your PC it is like giving the keys to a stranger and letting him/her have full access to your PC. Once the stranger has the keys they can snoop around and take whatever they want. I know, your thinking how can they do this, my computer is in my house and my doors are locked. Well, today you can be anywhere in the world and access someones computer via the internet. Since the introduction of cable modems and DSL everyones PC is online all the time and accessible.
Why do I need to protect my PC, I dont keep any important information on it? Ask yourself a couple of questions.
1. Do I bank online? 2. Do I shop online? 3. Do I create documents, spreadsheets? 4. Do I let other people use my PC? 5. Do I download music, files onto my PC?
If you answered yes to any of these questions then your PC is vulnerable. If you bank online then you are sending personal confidential information to your bank via the Internet. For Example: Lets say you are infected with spyware and you are typing in your account number plus password. A spyware installation can record key strokes and then send them off to a site on the internet. Now the person who setup the site has your account number and password to your bank. Here is one more example, if you answered yes to I let other people use my pc, here is what happens. The other person decides that they like this new cool piece of software. They download and double click on the exe, msi or whatever installs the software. The adware, spyware or virus installs. Now the infection is installed and now it can start stealing confidential information or cause havoc on your PC. You get onto the PC as always, since you dont know this has happened and start doing what you always do, type documents, go to chat rooms, do your banking online, reconcile your banking with quicken and all this time your confidential information is stolen and you are completely unaware that this occurred.
The million dollar question, what do I do? Well, you can follow this approach. 1. Install a Spyware application and install and configure correctly. If you already have spyware application installed make sure it is up to date and make sure that is configured properly. 2. Install an Adware application and install and configure properly. If you already have adware application installed make sure it is up to date and make sure that is configured properly. 3. Install an AntiVirus application and install and configure properly. If you already have antivirus application installed make sure it is up to date and make sure that is configured properly. 4. Install backup software, why because if something does get through your defenses or delete something by accident you always have a way of retrieving the information. You should try to backup your system at least every other day. 5. Install Encryption software. This software will encrypt files like word docs, spreadsheets, banking file on quicken. This way if someone does steal your information they will not be able to read it. 6. Install a Firewall. The Firewall can either be software or hardware based. I would install both especially if you bring your laptop with you and connect to the internet at different locations. The Firewall will block hackers trying to scan your system while you are on the Internet.