Security Management Strategies for the CIOAccess "PCI council developing point-to-point encryption certification program"
This article is part of the November 2011 issue of Effectively navigating the security risk assessment process
After issuing validation requirements for hardware-based point-to-point encryption, the PCI Security Standards Council is now developing a new program to certify point-to-point encryption products. A list of certified components is due out in April. Bob Russo, general manager of the PCI SSC, says the program will be modeled after certification procedures used for payment applications and PIN pad devices. The point-to-point encryption certification program will focus on securing and monitoring the hardware, developing and maintaining secure applications, and secure key management methodologies. “We looked at existing standards and referenced some best practices to come up with this program and certify some of these things,” Russo says. “I want to caution that anybody who thinks they are going to pick out a solution from this list and automatically be compliant is going to be surprised; there are still PCI compliance activities at the foundation of what they’ve got to do.” Point-to-point or end-to-end encryption has been touted by providers as a way to ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
PCI council developing point-to-point encryption certification program
by Robert Westervelt, News Director
PCI Security Standards Council plans to release a list of certified components in April.
-
VDI security supports active protection strategies
by Eric Ogren, Contributor
ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.
-
PCI council developing point-to-point encryption certification program
by Robert Westervelt, News Director
-
-
Overcoming obstacles in the security risk assessment process
by Craig Shumard and Serge Beaulieu
An effective risk assessment process is essential, but many factors can skew the process and get in the way of security.
-
Cybersecurity threats target lack of SMB security
by Amy Rogers Nazarov
Cybercriminals are zeroing in on small and midsize businesses with fewer security resources.
-
Overcoming obstacles in the security risk assessment process
by Craig Shumard and Serge Beaulieu
-
Columns
-
Marcus Ranum chat: Information security monitoring
by Marcus J. Ranum, Contributor
Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant.
-
The lack of computer security: We’re all responsible
by Elizabeth Martin
We all have an explanation for weak security, but everyone needs to do their part to improve it.
-
Time for discourse on China computer hacking
by Michael S. Mimoso, Editorial Director
China is being accused of hacking corporate, government and military networks in the U.S. for economic gain. Policy makers need to be versed in cybersecurity and figure out how to respond.
-
Marcus Ranum chat: Information security monitoring
by Marcus J. Ranum, Contributor
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...