Compliance
Regulatory requirements affecting your data include:
PCI
The Payment Card Industry (PCI) Data Security Standard, which outlines guidelines for securing credit card data that is stored, processed or transmitted. PCI DSS defines a number of specific security controls and guidelines for protecting cardholder data.
In response to consumer demand for absolute protection of sensitive account information, the major card associations have developed data protection programs for members, merchants, and service providers. Visa’s Cardholder Information Security Program (CISP) and MasterCard’s Site Data Protection (SDP) programs have been aligned into the Payment Card Industry (PCI) Data Security Standard in defining best practices for securing stored credit card data.
SOX
Sarbanes-Oxley (SOX) dramatically changed the way companies process and report sensitive financial information.
In 2002, following a series of high-profile accounting scandals and high-level corporate fraud, the United States legislature enacted a law designed to hold executives and corporate officers of public companies accountable for the financial information they report: Sarbanes-Oxley.
Data Protection
The EU directive 95/46/EC mandates appropriate safeguards for stored personal data to protect against unauthorised access to, or unauthorised alteration, disclosure or destruction of data.
Security Controls
Regulatory compliance is achieved in part by implementing security controls where you most need them – close to the databases that contain the critical data. Secerno empowers organisations to achieve regulatory compliance by deriving the most value from existing information assets and enables data security without the costs and overheads of traditional solutions.
The three major controls are: to protect access to data, to control changes to it and to foil Denial of Service (DoS) attacks, which compromise data availability. This table shows the relevance of each for a set of regulations.