PCI Compliance for Power Systems Running IBM i


Navigating the PCI DSS requirements can be challenging, but this white paper can help.

 

Editor's Note: This article is an introduction to the white paper "PCI Compliance for Power Systems Running IBM i" available free from the MC White Paper Center.

 

According to the eye-opening "Chronology of Data Breaches" maintained by Privacy Rights Clearinghouse (privacyrights.org), a consumer advocate organization, unauthorized access to data is growing into an everyday occurrence. Many shocking breaches are the result of egregious errors made by the guardians of the data. Some do not involve a criminal perpetrator; many others involve nefarious access to information and data—typically for financial gain.

 

Attempting to slow—as it will likely never be halted—the use of data for unethical or illegal purposes is a challenge in every industry and in every nation around the world. As a result of the most significant breaches and cases of information mismanagement, regulatory and legislative compliance standards have sprung up in a frenzied attempt to prevent their reoccurrence.

 

Anyone who's been subjected to a formal compliance audit will attest to the fact that it can be a challenge to meet—or ideally exceed—the requirements imposed by these various mandates. The difficulty comes from having to understand and translate complex business requirements into technology directives. Additionally, there's the cost and impact of aligning the business to achieve and maintain compliance. This is often made worse by the fact that requirements may be interpreted and assessed in different ways by different auditors.

 

One of the most influential of today's regulatory standards is the Payment Card Industry's Data Security Standard (PCI DSS), a compliance baseline designed to guard credit card data and processes. Formed in 2006 by five major card brands (MasterCard, Visa, American Express, Discover, and JCB International), the PCI Security Standards Council designed a framework of 12 primary requirements and a comprehensive assessment and penalty process.

 

Unfortunately, many audit firms are unfamiliar with the IBM i operating system and its uniquely integrated database and security controls. As a result, recommendations are often made that do not make sense to those who have experience working with the platform. Unfamiliarity also increases the risk that data will be compromised, as there's a very real likelihood that serious configuration vulnerabilities will be missed.

 

PowerTech, a leading security and compliance company, has released a white paper discussing how PCI DSS requirements impact servers running IBM i (aka AS/400 and iSeries). The document includes ways that PowerTech's comprehensive suite of security solutions can assist in achieving and maintaining PCI compliance. If your organization stores or processes regulatory-controlled data—such as credit card information—on these servers, then this document is one of the must-read resources available in the PowerTech library.

 

To find out more, download the free white paper "PCI Compliance for Power Systems Running IBM i" from the MC White Paper Center.

Robin Tatam

Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached at 952.563.2768.
