Payment Card Industry Data Security Standards

As a website owner, ensuring that your customer's payment card information is secure is essential. The Payment Card Industry Data Security Standards (PCI DSS) provide guidelines for businesses to protect sensitive data. This guide explains PCI DSS and how to comply with its requirements.

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standards. It is a set of security standards created by the major credit card companies to ensure that businesses that accept credit card payments protect their customers' information. The standards cover a range of security measures, including network security, access control, and data encryption. Compliance with PCI DSS is mandatory for all businesses that accept credit card payments.

Who needs to comply with PCI DSS?

Any business that accepts credit card payments, regardless of size or industry, must comply with PCI DSS. This includes online companies, brick-and-mortar stores, and other businesses that accept credit card payments. Compliance is mandatory, and failure to comply can result in hefty fines and even the loss of the ability to accept credit cards. Therefore, businesses must understand the PCI DSS requirements and take the steps needed to comply in order to protect their customers' payment card information.

The twelve requirements of PCI DSS.

The Payment Card Industry Data Security Standards (PCI DSS) consist of twelve requirements businesses must follow to protect their customers' payment card information. These requirements include maintaining secure networks, protecting cardholder data, regularly monitoring and testing security systems, and implementing strong access control measures. Businesses must understand these requirements and take the steps needed to comply in order to avoid fines and protect their customers' information.

How to achieve PCI DSS compliance.

Complying with PCI DSS can seem daunting, but it is essential for any business that handles payment card information. The first step is to assess your current security measures and identify areas that need improvement. From there, you can make the changes needed to meet each of the 12 requirements. It is also important to regularly monitor and test your security systems to ensure they remain effective. Finally, consider working with a qualified security assessor to help guide you through the compliance process and ensure your business is fully protected.

Consequences of non-compliance with PCI DSS.

Non-compliance with PCI DSS can have serious consequences for businesses. In addition to the risk of data breaches and the loss of customer trust, non-compliant companies can face fines and legal action. The exact consequences will vary depending on the severity of the non-compliance and the jurisdiction in which the business operates. Therefore, it is essential to take PCI DSS compliance seriously and prioritize protecting your customer's payment card information.

Why Payment Card Industry Data Security Standards Should Be a Top Priority for Businesses

In today's increasingly digital world, businesses face a growing threat of data breaches and cyberattacks. Protecting sensitive customer information should be a priority for all businesses, especially those in the payment card industry. This is where the Payment Card Industry Data Security Standards (PCI DSS) come in.

Implemented by the major credit card companies, including Visa, Mastercard, and American Express, PCI DSS provides a comprehensive set of security requirements that businesses must follow to protect cardholder data. These standards help ensure that businesses have robust security measures in place to prevent data breaches, unauthorized access, and fraud.

Complying with PCI DSS helps businesses protect their customers' cardholder data and also helps build trust and credibility. Non-compliance can lead to severe consequences, including fines, increased transaction fees, legal liabilities, and damage to brand reputation.

This article will explore why businesses should prioritize PCI DSS and the steps they can take to comply. By prioritizing data security and following the guidelines set out by PCI DSS, companies can protect themselves and their customers from potential data breaches and maintain a secure transaction environment.

The importance of PCI DSS compliance for businesses

PCI DSS compliance helps businesses protect their customers' cardholder data and also helps build trust and credibility. With the rise in data breaches, customers are increasingly concerned about the security of their personal and financial information. Businesses can assure their customers that their data is handled securely by demonstrating PCI DSS compliance.

In addition, PCI DSS compliance is often required for businesses that process payment cards. Failure to comply can lead to severe consequences, including fines, increased transaction fees, legal liabilities, and damage to brand reputation. These consequences can be financially damaging and can even lead to business closure.

Consequences of non-compliance with PCI DSS

Non-compliance with PCI DSS can have serious consequences for businesses. One of the most significant consequences is the potential for data breaches. Without adequate security measures, businesses are at risk of cyberattacks and unauthorized access to cardholder data. A single data breach can compromise thousands, if not millions, of customer records, resulting in financial losses and reputational damage.

In addition to data breaches, non-compliance with PCI DSS can result in significant financial penalties. Credit card companies can impose fines on businesses that fail to meet PCI DSS requirements. These fines can range from hundreds to thousands of dollars per month, depending on the severity of the non-compliance.

Furthermore, non-compliant businesses can face increased transaction fees. Credit card companies can charge higher fees to firms with a higher risk of security breaches. These increased fees can significantly affect a business's bottom line, especially for companies with high sales volumes.

Legal liabilities are another consequence of non-compliance. Businesses can face lawsuits from customers affected by a data breach, leading to costly legal battles and potential settlements. In addition, non-compliant businesses can also face legal action from credit card companies seeking to recover any financial losses incurred as a result of the breach.

Finally, non-compliance with PCI DSS can have long-term consequences for a business's brand reputation. A data breach can damage customers' trust and confidence in a business, leading to a decline in customers and reduced sales. Rebuilding trust after a breach can be difficult and time-consuming, making it essential for companies to prioritize PCI DSS compliance to prevent such incidents.

Key requirements of PCI DSS

The Payment Card Industry Data Security Standards (PCI DSS) consist of twelve requirements businesses must meet to achieve compliance. These requirements cover various aspects of data security, including network security, access control, encryption, and risk management. Here are the key requirements of PCI DSS:

1. Install and maintain a firewall configuration to protect cardholder data.

2. Do not use vendor-supplied defaults for system passwords and other security parameters.

3. Protect stored cardholder data through encryption.

4. Encrypt transmission of cardholder data across open, public networks.

5. Use and regularly update anti-virus software or programs.

6. Develop and maintain secure systems and applications.

7. Restrict access to cardholder data on a need-to-know basis.

8. Assign a unique ID to each person with computer access.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security for employees and contractors.

By implementing and maintaining these requirements, businesses can significantly strengthen their data security measures and reduce the risk of data breaches and unauthorized access.

Steps to achieve and maintain PCI DSS compliance

Achieving and maintaining PCI DSS compliance requires a systematic approach and ongoing effort. Here are the steps businesses can take to achieve and maintain compliance:

1. Determine the scope: Identify the systems, processes, and people involved in storing, processing, or transmitting cardholder data. This will help businesses understand the extent of their compliance obligations.

2. Conduct a gap analysis: Assess the current state of the business's security measures against the PCI DSS requirements. Identify areas where the business falls short and develop a plan to address those gaps.

3. Implement the necessary security controls: Based on the gap analysis, implement the security controls needed to meet the PCI DSS requirements. This may include implementing firewalls, encryption, access controls, and other security measures.

4. Regularly monitor and test security systems: Continuously monitor and test security systems to ensure they are working properly. This includes performing vulnerability scans, penetration testing, and reviewing system logs for suspicious activity.

5. Train employees on information security best practices: Educate employees about the importance of information security and their role in maintaining PCI DSS compliance. Provide training on best practices for handling cardholder data, recognizing phishing attempts, and protecting passwords.

6. Validate compliance: Engage a Qualified Security Assessor (QSA) or complete a Self-Assessment Questionnaire (SAQ) to assess the business's compliance with PCI DSS. This validation process may include on-site assessments, documentation reviews, and interviews with key personnel.

7. Maintain compliance: PCI DSS compliance is an ongoing process. Businesses must regularly review and update their security measures to remain compliant. This includes staying up to date with the latest security patches, performing vulnerability scans, and promptly addressing identified vulnerabilities.

By following these steps, businesses can establish a strong foundation for PCI DSS compliance and maintain a secure environment for cardholder data.

Best practices for securing payment card data

In addition to meeting the PCI DSS requirements, businesses can adopt further best practices to strengthen the security of payment card data. Here are some best practices to consider:

1. Implement multi-factor authentication: Require users to provide multiple forms of identification, such as a password and a unique code sent to their mobile phone, to access sensitive systems and data.

2. Regularly update software and systems: Keep all software and systems up to date with the latest security patches and updates. Outdated software can contain vulnerabilities that criminals can exploit.

3. Use encryption for all sensitive data: Encrypt all sensitive data, including cardholder data, at rest and in transit. Encryption ensures that even if the data is compromised, it cannot be accessed without the encryption key.

4. Implement access controls: Restrict access to cardholder data to only those employees who need it to perform their jobs. Regularly review user access and revoke access for employees who no longer need it.

5. Monitor and log all access to sensitive data: Implement a robust logging and monitoring system to track and record all access to sensitive data. This will help detect any unauthorized access or suspicious activity.

6. Regularly train employees on cybersecurity best practices: Hold regular training sessions to educate employees about the latest cybersecurity threats and best practices for data protection. Encourage employees to report any suspicious activity or potential security incidents.

Common misconceptions about PCI DSS compliance

Businesses should be aware of several common misconceptions about PCI DSS compliance. Here are a few examples:

1. "PCI DSS compliance is only for large businesses": PCI DSS compliance applies to businesses of all sizes that handle payment card data. Even small businesses that process a low volume of transactions are required to comply with PCI DSS.

2. "PCI DSS compliance is a one-time effort": Achieving PCI DSS compliance is not a one-time event. It requires ongoing effort and regular assessment to ensure that security measures remain effective and up to date.

3. "Using a third-party payment processor eliminates the need for PCI DSS compliance": Although using a third-party payment processor can reduce the scope of PCI DSS compliance, businesses still have responsibilities to protect cardholder data within their own systems and networks.

Businesses must have a clear understanding of the requirements and obligations of PCI DSS compliance to avoid falling for these misconceptions.

PCI DSS compliance for different types of businesses (e-commerce, retail, etc.)

The specific requirements and challenges of achieving PCI DSS compliance can vary depending on the type of business. Here are some considerations for different types of companies:

1. E-commerce businesses: E-commerce businesses that process transactions online must secure their websites and payment systems. They should implement strong encryption, secure authentication methods, and regular security assessments.

2. Retail businesses: Retail businesses that accept payment cards in store must secure their point-of-sale (POS) systems, including card readers and terminals. They should also implement physical security measures, such as surveillance cameras and restricted access to sensitive areas.

3. Service providers: Service providers that handle payment card data for other businesses, such as payment gateways or other providers, have additional responsibilities. They must implement strong security measures to protect the data they handle and ensure that their clients are compliant with PCI DSS.

Each type of business must assess its specific requirements and tailor its security measures accordingly to achieve PCI DSS compliance.

Resources and tools for PCI DSS compliance

Achieving and maintaining PCI DSS compliance can be complex, but several resources and tools are available to help businesses. Here are some helpful ones:

1. PCI Security Standards Council: The PCI Security Standards Council provides comprehensive guidance, resources, and tools for businesses seeking to comply with PCI DSS. Its website offers access to the latest standards, self-assessment questionnaires, and best-practice guidance.

2. Qualified Security Assessors (QSAs): QSAs are certified professionals who can assess a business's compliance with PCI DSS. Engaging a QSA can help companies navigate the compliance process, validate their efforts, and provide expert advice on security measures.

3. Security vendors: Many security vendors offer products and services to help businesses achieve PCI DSS compliance. These vendors provide firewall systems, encryption tools, intrusion detection systems, and vulnerability assessment services.

By using these resources and tools, businesses can streamline the compliance process and ensure they are implementing effective security measures.

Conclusion: Making PCI DSS a priority for your business

In today's digital landscape, protecting customer information is paramount. Firms in the payment card industry face a significant risk of data breaches and cyberattacks. By prioritizing PCI DSS compliance, companies can protect their customers' cardholder data, build trust and credibility, and avoid severe consequences.

PCI DSS compliance requires a proactive approach to data security, including implementing strong security measures, regularly monitoring and testing systems, and training employees on best practices. In addition, businesses should consider adopting further best practices to strengthen payment card data security.

While achieving and maintaining PCI DSS compliance may seem daunting, resources and tools are available to help businesses. By using these resources and taking a proactive approach to data security, companies can protect their customers' cardholder data and maintain a secure transaction environment.

Remember, PCI DSS compliance is not only a requirement but also an essential step in building a reputation as a trustworthy and secure business in the payment card industry.