Want a Cyber Security Career in GRC? Learn these 12 PCI Requirements

Updated: Jun 18

Want a Career in GRC? Start Learning these 12 PCI DSS Requirements:





The GRC (Governance, Risk & Compliance) sector of Cyber Security is in demand. Without GRC, there is no security. The truth is, compliance does not equal security, but it does drive security. Without it, many companies would lack the proper controls to protect data.


The PCI Framework is one of the strictest frameworks alive. I worked as a PCI QSA for a while and I will say that if you learn this framework, most of the other frameworks come easy.


Every organization that you swipe your credit card at is bound by PCI rules. These rules are in place to protect cardholder data. There are several levels of PCI Merchants, some of which have stricter requirements than others, but that's for another day.


Learning these 12 PCI requirements will help you understand how credit card data should be protected. You don't have to be a PCI QSA to help businesses secure their card data. You simply need to understand the requirements and be able to communicate them in a business language.


There are 6 overall Goals and 12 Requirements per the PCI DSS:


Goals:

1. Build and Maintain a Secure Network and Systems


2. Protect Cardholder Data


3. Maintain a Vulnerability Management Program


4. Implement Strong Access Control Measures


5. Regularly Monitor and Test Networks


6. Maintain an Information Security Policy


Requirements:


1️⃣ Install and Maintain a Firewall Configuration to Protect Cardholder Data


2️⃣ Do not use Vendor Supplied defaults for System Passwords and other Security Parameters


3️⃣ Protect Cardholder Data


4️⃣ Encrypt Transmission of Cardholder Data across Open Public Networks


5️⃣ Protect all Systems Against Malware and Regularly Update Antivirus Software


6️⃣ Develop and Maintain Secure Systems and Applications


7️⃣ Restrict access to Cardholder Data by Business Need to Know


8️⃣ Identify and Authenticate Access to System Components


9️⃣ Restrict Physical Access to Cardholder Data


1️⃣0️⃣ Track and Monitor all Access to Network Resources and Cardholder Data


1️⃣1️⃣ Regularly Test Security Systems and Processes


1️⃣2️⃣ Maintain a Policy that Addresses Information Security for all Personnel



Each of the 12 Requirements breaks down into deeper sub-requirements. In total, there are hundreds. You don't have to become an expert in PCI, but the more you learn, the more valuable you become.


🔥 Want a Career in Cyber Security in 2024? Here are 2 Ways I can help. ⬇


1. My Break in Cyber Playbook - This playbook that I wrote will give you solid direction on the right path to take to get into Cyber Security. Better yet, it's also a complete guide on how to stand out to recruiters and make them find you. Get it here.

 

2. Book a 1-on-1 Call with Me - Let me get to know you and steer you in the right direction so you can work toward landing that next job in Cyber Security. I can help you get discovered by recruiters because I know what they are looking for.

My calls are informal, fun, and extremely productive. I guarantee you will have some great take-aways and feel more confident by the end of the call or I'll refund you completely.

 

If you book a call within the next 12 hours, I will also give you a free copy (PDF) of my Break in Cyber Playbook that will help guide you to landing a job.

 

 

~ Mike Miller
