Article

The effects of PCI DSS, compliance requirements on the security industry

Robert Westervelt, News Director

    Requires Free Membership to View

Any analyst or security expert will tell you that the Payment Card Industry Data Security Standard (PCI DSS) has had a profound effect on the security industry.

The credit card giants created the PCI Security Standards Council in 2006 to supply a blueprint that merchants can use to better protect credit card data. While some studies suggest PCI DSS compliance requirements are encouraging merchants to deploy a minimal level of security, critics such as Joshua Corman, director of enterprise security research at the 451 Group, point to some potentially negative consequences.

In this edition of Security Wire Weekly, Corman and Paul Judge, chief research officer of Barracuda Networks, talk about compliance's role in shaping the security industry and whether it has hindered the emergence of innovative security technologies. Judge argues that compliance has stimulated specific security markets, cranking up competition. "Everyone benefits from a vast amount of improvements over a short amount of time," Judge said.

Corman, however, explains that compliance incentivizes behaviors and actions and can result in unintended consequences. PCI 6.6 helped fuel adoption of Web application firewalls, and "caused potentially some innovation and competition in a very narrowly defined category of security controls." But many of the security controls advocated by PCI and other compliance mandates are well past their expiration date and pretty easily defeated on a regular basis, Corman said.

Play now:

You must have Adobe Flash Player 7 or above to view this content.See http://www.adobe.com/products/flashplayer to download now.
Download for later:

The effects of PCI DSS
• Internet Explorer: Right Click > Save Target As
• Firefox: Right Click > Save Link As


Read about how PCI DSS requirements and compliance is straining UK retail and finance firms.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: