|
Having trouble with PCI compliance? You're not alone. Auditors and audit survivors offer tips for how to achieve it.
By all accounts, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is on the upswing. According to Visa USA, compliance among the largest merchants shot up dramatically, from about 12 percent in March 2006 to 77 percent by the end of last year. And media reports indicate the standard is gaining ground in the European Union, where many countries--the U.K. in particular--are stepping up compliance efforts.
Yet successful PCI Report on Compliance (RoC) completion remains a confusing venture and elusive to many. Some of the confusion stems from the convoluted path of accountability. Although the PCI DSS is often touted as a one-stop standard, each of the five major card brands continues to maintain separate compliance programs. Some brands have announced heavy noncompliance fees in the form of penalties and higher transactions rates, but it is the acquiring banks that decide when and how to pass on these fees to their retail and merchant customers. And despite the prescriptive nature of PCI, the standard changes when updates are issued, and Qualified Security Assessors (QSAs) have room to interpret the standard. It's not uncommon for a QSA's interpretation of the standard to differ from that of the company under review.
Still, while PCI DSS compliance may not always be easy, it's definitely achievable.
 |
|
|
|
|
|
|
|
|
|
|
|
|
data points
Launch
Microsoft ships Windows XP on October 25, 2001 in two versions, Professional and Home Edition. Features include a built-in firewall, and the Professional version includes file encryption and other security functions.
First-year fixes
Within the first year of Windows XP's availability, Microsoft issues 30 security bulletins with corresponding patches for 65 vulnerabilities.
Security Campaign
Bill Gates announces Microsoft's Trustworthy Computing initiative in an internal email to employees on Jan. 15, 2002. Company reorganizes its code development around a secure development lifecycle program.
Updates
Microsoft announces the release to manufacturing of Windows XP Service Pack 2 on Aug. 6, 2004. The software giant touts the update's security features, including stronger default security settings.
Statistics
Secunia reports that 34 percent of the 193 security advisories it issued for Windows XP Professional between 2003 and 2008 were highly critical. Four percent were extremely critical and 23 percent were ranked as moderate, according to the Danish vulnerability tracker.
Vista
Successor to Windows XP, Vista is released to business users on Nov. 30, 2006. In Vista's first year, Microsoft releases 17 security bulletins addressing 36 security vulnerabilities.
|
|
|
|
|
|
|
|
|
