Techweb Digital Library

Data Encryption 101: Pragmatic Guide to PCI-DSS Requirements


Click here to download now

Source: Prime Factors
Date: September 2010
Type: White Paper
Rating: (0)
Save for Later
Email a Colleague
Rate This Asset

Overview: This educational, unbiased white paper cuts through the techno-babble and discusses how to select appropriate software to meet PCI requirements for encryption and key management. It is intended to provide the information you need to make an intelligent cryptographic choice.

PCI lists broad requirements for protecting credit card data, both in storage and in use, with encryption the prescribed linchpin for security. While cryptographic options for data in motion are well defined, as SSL/TLS is built into platforms and network devices we use, secure data storage options are far more esoteric. The basic requirement is to use "strong cryptography," but there are lots of algorithms, dozens of tools, and many ways to deploy each of them. Strong cryptography is often misapplied as the security model is inappropriate for the business use case. The wrong choice leaves data accessible in clear text, resulting in wasted investment and persistent vulnerabilities.

In this paper, we present the information you need to determine the right strategy for your situation. This paper will:

• Demystify security goals, technologies and best practices and put them in perspective

• Discuss encryption options, what problems they can be expected to solve, and the associated tradeoffs

• Discuss supporting systems - such as key management - and the effect on security and management

• Provide a selection checklist

DOWNLOAD NOW

Not what you're looking for? Search again
Go Advanced »
More From the Encryption Section
VENDOR INDEX 0-9 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

View All Categories

Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Performance Management, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Data Quality

Development : Open Source, Windows/.NET, Web Development, Security, Mobility, Java, High Performance Computing, Embedded Systems, Development Tools, Database, Architecture & Design, C/C++

Government : Cloud/SaaS, Leadership, Information Management, Federal, Mobile & Wireless, State & Local, Enterprise Applications, Security, Policy & Regulation, Enterprise Architecture

Hardware : Virtualization Hardware, Windows Servers, Utility/On-demand Computing, Unix/Linux servers, Supercomputers, Peripherals, Macintosh, Handhelds/PDAs, Grid/Cluster Computing, Desktops/PCs, Data centers, Blades, Processors

Healthcare : Interoperability, Administration systems, Clinical information systems, Electronic medical records, The Patient, Security & Privacy, Leadership, Policy & Regulation, Mobile & Wireless

Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services

Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Social Business, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Internet Policy

Management : Career Development, Training, Small-Medium Business, Salary/Compensation, ROI/TCO, Regulation/Compliance, Recruiting, Personnel Management, Outsourcing, Legal, H-1B, Executive Insights/Interviews, Workplace Trends

Mobility : WLAN, Wireless Security, Wi-Fi/WiMax, Wi-Fi VOIP, Smartphones, 3G Wireless/Broadband, Muni Wireless, Mobile Messaging, Mobile Business, Fixed Mobile Convergence, 802.11x, RFID

Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Virtual worlds, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Global Positioning Systems

Security : Security Administration, End user/Client Security, Encryption, Cyberterror, Attacks/Breaches, Application Security, Antivirus, NAC, Perimeter Security, Privacy, Vulnerabilities and Threats, Storage Security, Intrusion Prevention

Services : Telecom/Voice Services, Business Process Outsourcing, Business Services, Disaster Recovery, Systems Integration, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Hosted Applications

Software : Web Services, Service Oriented Architecture, Server Virtualization, Productivity Applications, Operating Systems, Open Source, Linux, Hosted Software/Applications, ERP, Development Tools, Databases, Database Applications, CRM, Business Systems Management, Integration, Application Optimization

Storage : Data protection, Disaster Recovery, Removable/Portable Storage, Security, Storage Fabrics, Storage Systems, Virtualization

Telecom : VOIP, Unified Communications, Voice services, PBXs, Internet policy, Presence, Collaboration Systems, Business, Regulation, Call Centers

Windows/Microsoft : Applications, Internet Explorer, Microsoft Company News, Security, Open Source, Operating system, Office Suite

More Security Resources

Check Point 2013 Internet Security Report
The Check point 2013 Security Report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Based ......

More On Security

Blogs