| In recent years, virtualization technology and cloud computing are developing rapidly due to the advantages in improving resource utilization and reducing costs. More and more organizations start to construct their information systems on a virtualized platform, or migrate the original information systems to a virtualized platform. Especially, some financial institutions build the payment card systems in virtualized environment. On the other hand, virtualization also brings some new security risks. As a security standard designed to protect cardholder databy Payment Card Industry Security Standard Council, PCI DSS is influenced seriously by virtualization. So how to meet the requirements of the PCI DSSand prove compliance through appropriate detection mechanismsneed to be solved. Otherwise, the cost savings and efficiencies promised by virtualized infrastructure may be erased by increased security risk and huge efforts that must be put toward achieving and proving compliance.In this paper, I read the security requirements of PCI DSS and refer to the PCI DSS virtualization guidelines. Then I analyze the effects on PCI DSS because of the utilization of virtualization technology inpayment card system and introduce some security measures proposed in order to meet PCI DSS compliance in virtualized environment. I also do some researches on related technologies that can be used for compliance testing Based on these works, I design two automated detection means to prove that if the system meets the specific items of the PCI DSS currently. It reduces the manual testing work and improve the efficiency and accuracy of compliance detection. At the same time, it helps the organizations to find out the non-compliant operations in time, enhance the security of the system and protect the cardholder data much better... |
PDF Full Text Request