Security standards are set up to provide a set of common guidelines for companies that handle customer information. They cover all kinds of transactions and technologies and can be specific to particular industries.
CBR looks at some of the major security standards. Absent from the list are the upcoming European cyber security standards from ETSI, which are in development at the time of writing.
1. PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard that helps businesses securely process card payments and reduce fraud.
The requirements fall into six major categories: building a secure network, protecting cardholder data, maintaining a vulnerability management programme, implementing strong access control measures, regularly testing and monitoring networks, and maintaining an information security policy.
Included in the standard are requirements to install a firewall and anti-virus software, encrypt data and restrict access to cardholder data.