Requirement 12: Maintain a policy that addresses information security
A strong security policy sets the security tone for the whole company and informs employees what is expected of them. All employees should be aware of the sensitivity of data and their responsibilities for protecting it.
No Setup Fee!
Hurry! Offer Expires on 5/31/09
Summer is coming. Time for vacations, trips, cookouts, and to start looking towards the holiday season. If you’ve thought about opening up an online store, now is the right time.
Sign up before 5/31/09 and we will waive the setup fee! That’s a $100.00 savings.
Sign up online or give me a call at 1-800-828-6650 x 118
Requirement 10: Track and monitor all access to network resources and cardholder data
Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments allows thorough tracking and analysis when something does go wrong. Determining the cause of a compromise is very difficult without system activity logs.
Requirement 11: Regularly test security systems and processes
Vulnerabilities are being discovered continually by hackers and researchers, and being introduced by new software. Systems, processes, and custom software should be tested frequently to ensure security is maintained over time and with any changes in software.
Interesting findings about eye tracking. You need to read this if you want your online ads to work.
- “Dominant headlines most often draw the eye first upon entering the page”
- “Smaller type encourages focused viewing behavior…. larger type promotes lighter scanning”
- “a headline has less than a second of a site visitor’s attention”
- “For headlines — especially longer ones — it would appear that the first couple of words need to be real attention-grabbers”
- “Navigation placed at the top of a homepage performed best”
- “Shorter paragraphs performed better in Eyetrack III research than longer ones.”
- “We found that ads in the top and left portions of a homepage received the most eye fixations”
- “Size matters. Bigger ads had a better chance of being seen”
- “Close proximity to popular editorial content really helped ads get seen”
- “the bigger the image, the more time people took to look at it.”
- “Our research also shows that clean, clear faces in images attract more eye fixations on homepages”
Original source: poynterextra.org
Requirement 7: Restrict access to cardholder data by business need-to-know
This requirement ensures critical data can only be accessed by authorized personnel.
Requirement 8: Assign a unique ID to each person with computer access
Assigning a unique identification (ID) to each person with access ensures that actions taken on critical data and systems are performed by, and can be traced to, known and authorized users.
Requirement 9: Restrict physical access to cardholder data
Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted.
Requirement 5: Use and regularly update anti-virus software
Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all systems commonly affected by viruses to protect systems from malicious software.
Requirement 6: Develop and maintain secure systems and applications
Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches. All systems must have the most recently released, appropriate software patches to protect against exploitation by employees, external hackers, and viruses.
Requirement 3: Protect stored cardholder data
Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed and not sending PAN in unencrypted emails.
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Sensitive information must be encrypted during transmission over networks where it is easy and common for a hacker to intercept, modify, and divert data while in transit.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Hackers (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known in hacker communities and easily determined via public information.
This may seem like common sense, but you would be surprised. There are many manufacturers that set very easy default passwords on their products before shipping, some as easy as the word PASSWORD.
We have a very stringent password protocol here that includes weekly password changes. This is a practice that each and every one of us should adhere to.
- Use at least eight characters, the more characters the better really, but most people will find anything more than about 15 characters difficult to remember.
- Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.
- Don’t use a word found in a dictionary, English or foreign.
- Never use the same password twice.
Things To Avoid
- Don’t just add a single digit or symbol before or after a word, e.g. “apple1”
- Don’t double up a single word. e.g. “appleapple”
- Don’t simply reverse a word. e.g. “elppa”
- Don’t just remove the vowels. e.g. “ppl”
- Don’t use key sequences that can easily be repeated, e.g. “qwerty”, “asdf” etc.
- Don’t just garble letters, e.g. converting e to 3, L or i to 1, o to 0, as in “z3r0-10v3”
- Don’t use passwords based on personal information such as: name, nickname, birthdate, wife’s name, pet’s name, friend’s name, home town, phone number, social security number, car registration number, address etc. This includes using just part of your name, or part of your birthdate.
- Don’t use passwords based on things located near you. Passwords such as “computer”, “monitor”, “keyboard”, “telephone”, “printer”, etc. are useless.
- Don’t ever be tempted to use one of those oh so common passwords that are easy to remember but offer no security at all. e.g. “password”, “letmein”.
- Never use a password based on your username, account name, computer name or email address.
Check out more great password tips at Lockdown
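A checker for the rules in the two lists above, as an added example that is not part of the original post. The word list, the keyboard runs and the function names are constructed assumptions; a real check would load a full dictionary in place of `WORDS`.

```python
import re

# Constructed stand-ins (assumptions, not from the page): a tiny word list in
# place of a real dictionary, and a few keyboard runs.
WORDS = {"apple", "password", "letmein", "computer", "monitor", "zero", "love"}
KEY_RUNS = ("qwerty", "asdf", "zxcv", "12345")
LEET = {ord("3"): "e", ord("0"): "o", ord("@"): "a", ord("$"): "s"}


def disguises(word):
    """The word itself plus the reversed, doubled and vowel-less forms."""
    return {word, word[::-1], word * 2, re.sub(r"[aeiou]", "", word)}


WEAK_FORMS = set().union(*(disguises(w) for w in WORDS))


def check_password(pw, username="", personal=()):
    """Return the rules from the lists above that pw breaks (empty list: none)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        problems.append("not a mixture of character types")
    low = pw.lower()
    # Undo the letter-for-digit swaps; "1" can stand for either "l" or "i".
    variants = {low} | {low.translate({**LEET, ord("1"): c}) for c in "li"}
    # Splitting on non-letters also drops a digit or symbol stuck on either end.
    tokens = {t for v in variants for t in re.findall(r"[a-z]+", v)}
    if tokens & WEAK_FORMS:
        problems.append("dictionary word, possibly disguised")
    if any(run in low for run in KEY_RUNS):
        problems.append("keyboard sequence")
    secrets = [s.lower() for s in (username, *personal) if len(s) >= 3]
    if any(s in v for s in secrets for v in variants):
        problems.append("based on username or personal information")
    return problems


if __name__ == "__main__":
    for sample in ("apple1", "elppa", "z3r0-10v3", "qwerty2009!", "vT7#qLm2 Rx!d"):
        print(repr(sample), check_password(sample, username="jsmith"))
```

Run at password-set time, a check like this rejects the disguised forms the list warns about before they reach the credential store.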
What is a web page title?
Web page titles are the words that are displayed at the top of the window for each web page that is opened. Usually people do not pay too much attention to the title of a web page unless it is minimized. The title is how people tell which web page they want to return to before they maximize the window.
That is not the only reason for titles, however. Web page titles are also used in web search engines. They are often what is displayed in a search result for a particular key word. The web page title is usually the bolded term that is clicked on to bring up that particular web page. Titles usually are named according to the subject of the site. Sometimes the name of the site is used, but other times the titles usually just list what the page is about.
Why is the page title important?
As can be imagined, web page titles can be quite important. This is because a lot of web traffic depends on the web page title. People usually choose titles that are clear, short, and relevant to the keyword that they are searching for. Web page titles that are confusing or that look nothing like the chosen keyword are much less likely to be clicked on. This means that such a site receives far fewer visitors than a site with better web page titles.
Creating web page titles
It is easy to come up with relevant, short titles. The first thing to do is create the page. It is hard to name a page that does not exist. Once the content is created then the next step is to create the title. The title should reflect what that particular page is about. A page about how to clean a pool could be titled, “Easy pool cleaning.” The idea is to use as many keywords as possible to get the site higher up in the search engine rankings. The actual content of the site has a lot to do with the rankings, but a good title helps as well.
One of the best things to do when creating titles is to eliminate filler words. Anything that is not directly related to the content of the page should be eliminated. A title like “A discussion on the quality of different hotel chains” could be shortened to “Hotel chain quality review” or something similar. The fewest filler words possible should be the goal of any title. The web site name can be included in the title sometimes, but only if it flows well with the rest of the title.
These tips should help with the creation of web page titles. It is important to never underestimate the power of small things to make a big difference in the ratings of a web page. A good title combined with good content should be well on the way to topping the charts of any search engine.