PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
June 2007

PCI becoming overly complex and expensive

The original intent of the Payment Card Industry Data Security Standard (PCI DSS)--which grew from the early Visa Cardholder Information Security Program (CISP) initiative in 2001--was admirable. The objective: create an open security standard that was achievable by all merchants for the protection of cardholder data. Unfortunately, the program has lost its way in many respects. Today, PCI DSS is complex and costly, especially for smaller businesses. Many of these costs and complexities are unnecessary and avoidable. For instance, the PCI Security Standards Council, formed last year, charges security vendors between $10,000 and $30,000 annually to be listed as a qualified security assessor and between $5,000 and $10,000 annually to be listed as an approved scanning vendor. Charging companies fees to provide CISP/PCI audit and scanning services was not part of the original plan for the standard, nor was the council. This has the potential to warp the program in several ways. First, several reputable and respected industry ...

Access this PRO+ Content for Free!

Features in this issue

  • SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) tools have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.

  • Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and secuirty management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.

  • Encryption key management blunders can render deployments useless

    Encryption sounds like an ideal way to protect data but key management, including accountability, training, and enforcement of password complexity, are challenging.

Columns in this issue