What does PCI compliance really mean?
This article is part of the September 2009 issue of Information Security magazine (the 2009 Security Readers' Choice Awards issue).
While PCI has probably helped fund many a security project and steered a lot of dollars to security vendors over the last three to four years, why are companies that are PCI-compliant still getting compromised? The problem is that security professionals and their bosses remain under the false impression that compliance equals security.

Interestingly, the qualities some originally found refreshing (clear language and concrete guidance) are now the things that hinder the standard. Because PCI is very prescriptive and lays out exactly what needs to be done, it can lull an organization into treating the checklist as the goal. Just look at Hannaford and Heartland Payment Systems. Both had been certified PCI-compliant, but that certification attests to a state at one particular moment in time, not to ongoing security.

Recently the Heartland Payment Systems CEO Robert Carr blamed the QSA for its huge data breach woes. The problem is that a seal of approval from an auditor does not in any way, shape or form ensure that your organization is secure. Many in the security industry were up in arms over his statements, arguing that Carr was shirking his ...
2009 Information Security magazine Readers' Choice Awards
For the fourth consecutive year, Information Security readers voted to determine the best security products. A record 1721 voters participated this year, rating products in 17 different categories.
Truth, lies and fiction about encryption
by Adrian Lane, Contributor
Encryption solves some very straight-forward problems but implementation isn't always easy. We'll explain some of the common misperceptions so you'll understand your options.
Security threats to virtual environments less theoretical, more practical
The demonstration at Black Hat of a hacking tool that allows attackers to escape from a virtual machine and attack the host it runs on elevates the seriousness of security threats to virtualization.
Security best practices in hotels
Accountability for Internet security should be placed on users, not service providers such as hotels.
Schneier-Ranum Face-Off: Is Perfect Access Control Possible?
Security experts Bruce Schneier and Marcus Ranum debate whether perfect access control is possible.
What does PCI compliance really mean?
Passing an audit can lull an organization into a false sense of security.