Network segmentation plays a vital role in complying with the Payment
Card Industry Data Security Standard (PCI DSS). Effective segmentation helps
reduce the scope of the assessment, the cost and the risk to data security.
PCI DSS recommends that networks which process, store or transmit cardholder
data be segregated and segmented from network environments that don’t deal
with cardholder data, to ensure security.
For a recent engagement with a client in the Middle East, we ensured that
the network segmentation was done in line with PCI DSS requirements to help
reduce the scope of the assessment. This document not only explains how this
segmentation was carried out but also illustrates a simple approach used to
test its effectiveness.
Udit Pathak is a Senior Security Analyst with Network Intelligence India. He has carried out various assignments on Information Security Audits, Web Applications security, Network Security, PCI DSS and ISO 27001.