Firms failing to meet PCI security requirements

20 Sep 2007


More than half of enterprises are not meeting the data security standards established by the Payment Card Industry, according to a new report published by VeriSign. The main reason for the lack of compliance is that firms are not regularly analysing the data they retain, the security specialist said.

Simon Church, head of VeriSign for Europe, the Middle East and Africa, advised firms to adopt better procedures for managing data across their environments. He explained that many organisations retain information they do not need, and that they should instead be more thorough in analysing their data and deciding which of it is necessary to keep.

Church added that because the data security industry is changing so rapidly, processes that organisations establish just to pass the PCI audit might not be adequate to meet future standards requirements. Instead, firms need to embed good practice for data management and security in their DNA, he advised.

Companies failing to comply with PCI standards could face financial penalties or lose the ability to process credit card transactions. Church said that data security needs to be considered by the whole business rather than just the IT department, because ultimately bad publicity from compliance failures will have serious consequences for the business.

Reader comments

Some PCI requirements more difficult than others

It does make sense that good practice for data security should be embedded into the firms' DNA, but it seems as though some of the requirements are more difficult to satisfy and verify than others. I've seen other recent research that shows the requirements around "file integrity monitoring" are among the last to be satisfied and represent the largest percentage of those not being fulfilled. While there doesn't seem to be one solution to solve all of the PCI requirements, luckily there is technology available to help satisfy and sustain the difficult requirements of PCI compliance for file integrity monitoring and ensuring critical file data is not compromised. Specifically, I've been successful using Solidcore change control software.

Posted by: IT Director  21 Sep 2007
