July 15, 2012 at 6:16 pm
I have been assigned a project that will be to build a SQL Server 2008 R2 instance that is secure and PCI compliant. We are going to be securing credit card data in a single database. That is basically all that will be on this server. We are talking about using auditing, TDE, and column-level encryption. We are using this deployment as a baseline for future development efforts and possibly using the experience we gain for changing existing solutions. Possible use of Policy Based Management to perform audits and checks on the server to verify that security maintains specifications.
My question is: does anyone have any good resources to suggest (books, online articles or resources, etc.)?
July 16, 2012 at 2:13 am
TDE might be a bit overkill if all you're encrypting is the PAN; for that, column-level encryption would probably be the better choice to make on its own.
This might be a good starting point to read up on: https://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx
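As an added example that is not part of this thread, the column-level approach above in T-SQL for SQL Server 2008 R2: a symmetric key protected by a certificate under the database master key, with the PAN stored only as ciphertext bound to its row by an authenticator. The database, table, key, certificate and role names (CardVault, dbo.Card, PanKey, PanCert, CardAppRole) are assumed for illustration.

```sql
-- Added example, not from the thread. Names and the test PAN are constructed.
USE CardVault;
GO

-- 1. Key hierarchy: database master key -> certificate -> AES-256 symmetric key.
--    Use a strong, vaulted DMK password and back up the DMK and certificate offline.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong DMK password>';
CREATE CERTIFICATE PanCert WITH SUBJECT = 'PAN column encryption';
CREATE SYMMETRIC KEY PanKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PanCert;
GO

-- 2. Only the application principal may open the key; nobody else can decrypt.
CREATE ROLE CardAppRole;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::PanKey TO CardAppRole;
GRANT CONTROL ON CERTIFICATE::PanCert TO CardAppRole;
GO

-- 3. The full PAN exists only as ciphertext; the last four digits stay in
--    clear for display and lookup (a truncated PAN is permitted, the full one is not).
CREATE TABLE dbo.Card (
    CardId    UNIQUEIDENTIFIER NOT NULL PRIMARY KEY,
    PanCipher VARBINARY(256)   NOT NULL,
    PanLast4  CHAR(4)          NOT NULL
);
GO

-- 4. Write path: encrypt inside the engine. The authenticator (the row's CardId)
--    is mixed into the ciphertext, so a value copied to another row will not decrypt.
DECLARE @id  UNIQUEIDENTIFIER = NEWID();
DECLARE @pan VARCHAR(19)      = '4111111111111111';  -- constructed test value

OPEN SYMMETRIC KEY PanKey DECRYPTION BY CERTIFICATE PanCert;
INSERT INTO dbo.Card (CardId, PanCipher, PanLast4)
VALUES (@id,
        EncryptByKey(Key_GUID('PanKey'), @pan, 1, CONVERT(NVARCHAR(36), @id)),
        RIGHT(@pan, 4));
CLOSE SYMMETRIC KEY PanKey;

-- 5. Read path: decrypt with the same authenticator; a mismatch returns NULL.
OPEN SYMMETRIC KEY PanKey DECRYPTION BY CERTIFICATE PanCert;
SELECT CardId,
       PanLast4,
       CONVERT(VARCHAR(19), DecryptByKey(PanCipher, 1, CONVERT(NVARCHAR(36), CardId))) AS Pan
FROM dbo.Card
WHERE CardId = @id;
CLOSE SYMMETRIC KEY PanKey;
```

Pair this with SQL Server Audit on the OPEN SYMMETRIC KEY and SELECT events against dbo.Card so every decryption is attributable to a principal.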
July 17, 2012 at 1:20 pm
Thanks for the information, I will check it out.
July 19, 2012 at 12:34 pm
Hire an expert who's familiar with PCI-DSS implementations and audits to give you advice and show you the references they use, and the caveats for their use; security is an area where it's easy to find web pages or books, follow their advice, and end up with a system that appears to work but is actually tremendously insecure.