>What are CISP and PCI?
CISP = Cardholder Information Security Program (Visa specific) and PCI =
Payment Card Industry Data Security Standard.
These govern the security of credit cardholder data, the transmission of
that data, the security practices and policies around it, etc. This was
an effort started by Visa and later adopted by the major CC companies
into a consolidated security audit.
Companies that process CC data are evaluated and later penalized if they
do not meet criteria within a given timeframe. The penalties can be
navigated around if you present a solid plan, that sort of thing.
Further, it outlines minimum financial penalties for security breaches
and release of CC data (aka hacked accounts).
For retailers and other entities that depend on CC data, this is huge.
For an industry audit, it's fairly detailed in that it talks about
specific TCP ports, encryption schemes, etc. Info at:
www.visa.com/cisp
My comments re: SOX were not meant to imply that it doesn't matter, more
that there are multiple sources of funding for compliance related
projects, some may be more applicable than others.
- Scott
scott.altman@target.com