Using Data Auditing & Data Encryption to Achieve PCI Compliance
PCI Data Encryption Requirements for Compliance
The ultimate goal of the Payment Card Industry (PCI) standard is to ensure the best protection possible for sensitive cardholder data. With the severity of recent data breaches affecting brand-name retailers, anxiety in the security and compliance community has reached a new high. Questions are being asked about what it means to be PCI compliant, particularly in the context of protecting sensitive data from data breaches. This white paper provides insight into two technologies that address PCI requirements for cardholder data protection: data auditing and data encryption.
Data encryption and data auditing are not simply two distinct technologies; they also have strong synergies. In some cases, where data encryption is challenging to implement, data auditing can be a lightweight substitute and is recommended as a compensatory control by the PCI DSS Standard for PCI Clause 3. Also, if data encryption already exists, data auditing can help enhance and increase the effectiveness of its implementation. In this white paper, we describe where these technologies fit, or don't fit, in order to help PCI practitioners create the most effective cardholder data security strategy possible.
Key Concepts found in this PCI White Paper
- PCI data protection requirements
- Data auditing: solutions for PCI
- Data encryption: benefits, challenges and limitations