Vineyard & Winery Management

September/October 2013

Issue link: http://read.dmtmag.com/i/155925


abilities and develop timely security patches and upgrades.

Establish policies and procedures. Codify limits to the storage and retention time of PCI data, and document an IT security policy and incident response plan.

Facilitate secure network implementation. The payment application shouldn't hinder your ability to implement it in a secure network environment. Nor should it interfere with the use of network address translation, port address translation, traffic-filtering network devices, antivirus protection or encryption.

Don't store cardholder data on Internet-facing systems. The payment application shouldn't require that the database and web servers be on the same server, or that the database be in the DMZ (perimeter network) with the web server.

Facilitate secure remote access to the cardholder environment. Access should be authenticated using a two-factor mechanism, such as RADIUS or TACACS, with hardware tokens.

Encrypt sensitive traffic over public networks. Use encryption techniques (such as Secure Sockets Layer) when transmitting sensitive data over the Internet.

Of course, given that the risks associated with not fully complying with the PCI DSS are high, it might be wise to retain a qualified security assessor (QSA), authorized by the PCI DSS governing body, to assess and validate your compliance. QSAs can provide many services, including a report on PCI DSS compliance or an attestation of compliance for a higher level of assurance; external network security scanning; penetration testing to assess vulnerabilities exposed to attack by hackers; self-assessment questionnaire assistance that helps internal audit staff assess systems and correct deficiencies; and remediation services that help fix known problems or security breaches. You can find more information on the PCI DSS on the PCI Council's website (www.pcisecuritystandards.org) or by talking with your card processor or bank.
Troy Hawes is a manager at Moss Adams LLP, one of only 309 companies in the world to be certified as a QSA. Hawes provides IT consulting and audit services to a wide range of clients in the retail and hospitality industries. You can reach him at (206) 302-6529 or troy.hawes@mossadams.com. Comments? Please e-mail us at feedback@vwmmedia.com.
