Security Management Strategies for the CIOAccess "PCI virtualization guidance warns of compliance challenges"
This article is part of the July/August 2011 issue of Computer incident response teams are a new line of defense
The PCI Security Standards Council is warning merchants about the complexities of protecting credit card data running in virtualized systems and cautioning that some configurations may make it nearly impossible for organizations to achieve compliance. The PCI DSS Virtualization Guidelines Information Supplement (.pdf), issued in June, has long been awaited by merchants, qualified security assessors (QSAs) and other security experts. In addition to providing information on virtualized systems located within the network, the document addresses merchants using cloud computing services for payment transactions. While the PCI virtualization document could help reduce the ambiguity in how QSAs assess virtualized environments, the report may be too broad, says Diana Kelley, a partner with Amherst, N.H.-based consulting firm SecurityCurve. “There's a lot of useful information here and it's a step towards better information on how to protect cardholder data in a virtualized environment,” Kelley says. “Given the scope of this document being both virtualization ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Information security market consolidation: A mixed bag
by Marcia Savage and Michael S. Mimoso
Big tech companies are scooping up security vendors with mixed results.
-
PCI virtualization guidance warns of compliance challenges
by Robert Westervelt
PCI group outlines challenges in achieving compliance with payment data on virtualized systems.
-
Information security market consolidation: A mixed bag
by Marcia Savage and Michael S. Mimoso
-
-
Turn your computer incident response team into counter-threat operations
by Richard Bejtlich, Contributor
Fending off modern computer attacks requires actively hunting down intruders.
-
Striving for better information security intelligence
by Scott Crawford
Security teams strive to gain visibility from a deluge of security information and put that data to work.
-
Turn your computer incident response team into counter-threat operations
by Richard Bejtlich, Contributor
-
Columns
-
Your information security career and the job market: Value of information security skills
by Lee Kushner and Mike Murray
Be aware of changing technology and industry trends, and your job prospects will fall in line.
-
The threat landscape and Web 2.0 technologies
by Ravila Helen White, Contributor
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.
-
Does information security market consolidation mean the end of the line?
by Marcia Savage
Large IT companies are buying up security vendors, but that doesn’t mean there won’t be plenty of room for innovative startups.
-
Your information security career and the job market: Value of information security skills
by Lee Kushner and Mike Murray
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...