[转载]Addressing the Payment Card Industry Data Security Standard (PCI DSS)

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

Major credit card companies are pushing hard to stop the financial fraud incidents that have affected numerous organizations and their consumers. Consequently, organizations that accept payment card transactions are duly bound to comply to PCI DSS by end of 2007. Organizations that fail to comply, risk not being allowed to handle cardholder data and fines of up to $500,000 if the data is lost or stolen. This white paper examines the necessary requirements to adhere to PCI DSS, the implications of non-compliance as well as how effective event log management and network vulnerability management play a key role in achieving compliance.