{"id":1101,"date":"2013-02-23T11:49:29","date_gmt":"2013-02-23T09:49:29","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=1101"},"modified":"2013-02-23T11:50:35","modified_gmt":"2013-02-23T09:50:35","slug":"flow-diagram-of-payment-card-data-or-personal-data-in-the-cloud","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=1101","title":{"rendered":"Flow diagram of payment card data, or personal data, in the cloud"},"content":{"rendered":"<p>The recent PCI DSS Information supplement &#8220;<a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/PCI_DSS_v2_Cloud_Guidelines.pdf\">PCI DSS Cloud Computing Guidelines<\/a>&#8221; emphasizes the same message as earlier guidelines like<\/p>\n<ul>\n<li>\n<div>ISO standard &#8220;<a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=45123\">29100 Privacy Framework<\/a>&#8221;<\/div>\n<\/li>\n<li>\n<div>NIST SP 800-122: <a href=\"http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-122\/sp800-122.pdf\">Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)<\/a><\/div>\n<\/li>\n<li>\n<div>NIST SP 800-144: <a href=\"http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-144\/SP800-144.pdf\">Guidelines on Security and Privacy in Public Cloud Computing<\/a><\/div>\n<\/li>\n<li>\n<div>ITU-T Technology Watch Report: <a href=\"http:\/\/www.itu.int\/dms_pub\/itu-t\/oth\/23\/01\/T23010000160001PDFE.pdf\">Privacy in Cloud Computing<\/a><\/div>\n<\/li>\n<\/ul>\n<p>They all emphasize that in order to protect data, one has to know where and when the data is used or stored.<\/p>\n<p>Some highlights from the PCI DSS document:<\/p>\n<ul>\n<li>\n<div>Figure 3: How PCI DSS responsibilities may be shared between clients and CSPs.<\/div>\n<\/li>\n<li>\n<div>Chp 4: Segmentation and Scoping<\/div>\n<\/li>\n<li>\n<div>Appendices with samples:<\/div>\n<ul>\n<li>\n<div>Appendix A: Sample PCI DSS Responsibilities for Different Service 
Models<\/div>\n<\/li>\n<li>\n<div>Appendix B: Sample Inventory<\/div>\n<\/li>\n<li>\n<div>Appendix C: Sample PCI DSS Responsibility Matrix<\/div>\n<\/li>\n<li>\n<div>Appendix D: PCI DSS Implementation Considerations<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Related Links<\/strong><\/p>\n<ul>\n<li>\n<div>PCI DSS Webinar <a href=\"http:\/\/www.webcastgroup.com\/webcast\/window_new\/universalHTML5.aspx?webcastID=6128\">Feb 2013<\/a> (50 min audio)<\/div>\n<\/li>\n<li>\n<div><a href=\"https:\/\/cloudsecurityalliance.org\/education\/training\/#PCI\">PCI DSS in the Cloud Training<\/a> by <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=225\">CSA<\/a><\/div>\n<ul>\n<li>\n<div><a href=\"https:\/\/cloudsecurityalliance.org\/wp-content\/uploads\/2012\/07\/CSA_PCI_CLOUD.ppt\">course ppt<\/a><\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>Webinar &#8220;<a href=\"https:\/\/www.brighttalk.com\/webcast\/288\/67107?utm_source=google&amp;utm_medium=ppc&amp;utm_term=trend&amp;utm_content=ad1&amp;utm_campaign=US\">Decoding New PCI DSS Guidelines for Cloud Computing<\/a>&#8221; by TrendMicro<\/div>\n<\/li>\n<li>\n<div><a href=\"https:\/\/aws.amazon.com\/security\/pci-dss-level-1-compliance-faqs\/\">Amazon PCI DSS level 1 FAQ<\/a><\/div>\n<\/li>\n<li>\n<div>Auditing<\/div>\n<ul>\n<li>\n<div>ISACA&#8217;s <a href=\"http:\/\/www.isaca.org\/Knowledge-Center\/Research\/ResearchDeliverables\/Pages\/Personally-Identifiable-Information-PII-Audit-Assurance-Program.aspx\">Personally Identifiable Information (PII) Audit\/Assurance Program<\/a> (<a href=\"http:\/\/www.isaca.org\/Knowledge-Center\/Standards\/Pages\/IT-Audit-and-Assurance-Guidelines.aspx\">G31 Privacy<\/a> is withdrawn)<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Other Links<\/strong><\/p>\n<ul>\n<li>\n<div><a href=\"http:\/\/www.oecd.org\/internet\/interneteconomy\/47683378.pdf\">OECD Privacy Guidelines<\/a><\/div>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The recent PCI DSS Information 
supplement &#8220;PCI DSS Cloud Computing Guidelines&#8221; emphasizes the same message as earlier guidelines like ISO standard &#8220;29100 Privacy Framework&#8221; NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) NIST SP 800-144: &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=1101\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[37,3,32,26,44],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/1101"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1101"}],"version-history":[{"count":1,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/1101\/revisions"}],"predecessor-version":[{"id":1102,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/1101\/revisions\/1102"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}