BreachExchange mailing list archives
PCI Compliance does give protection against data breaches
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 7 Oct 2010 02:00:08 -0400
http://www.itwire.com/business-it-news/security/42297-pci-compliance-does-give-protection-against-data-breaches

Based on a sample of 200, Verizon Business determined that those organisations suffering some kind of data breach were 50% less likely to be PCI compliant.

The Payment Card Industry Data Security Standard (PCI-DSS) is a wide-ranging set of rules, procedures and technical implementations that assist to ensure the security and confidentiality of credit card information in the hands of vendors and other payment processing organisations.

It has always been assumed that the greater adherence an organisation has to PCI-DSS, the more resilient it would be to an attack.

Verizon Business' research into the topic conducted by its team of Qualified Security Assessors in the execution of site assessments gives real insight into levels of compliance and the likelihood of intrusion.

"The Verizon Payment Card Industry Compliance Report gives organisations an unprecedented view into the state of PCI compliance across the board, specifically pointing out which requirements are most difficult to meet," said Peter Tippett, vice president of technology and innovation at Verizon Business. "We hope this report will help organisations approach PCI compliance in a more informed and effective way. Ultimately, we want the same thing as the rest of the industry: fewer payment card losses and data breaches."

According to the report:

Only 22 percent of organisations are compliant initially. Most organisations were not compliant with the PCI requirements at the time of the Initial Report on Compliance, when Verizon QSAs first evaluate an organisation against the standard. The majority of the fully compliant organisations were veterans of the process or were not required to comply with all of the requirements.

Compliance, however, is in reach. While 78 percent of organisations are not compliant initially, the findings show that, on average, organisations meet 81 percent of the procedures required by PCI. In fact, three-quarters of the organisations met at least 70 percent of the testing procedures, meaning that with more diligence, they have a good chance of becoming compliant. Only 11 percent of organisations met less than half the testing procedures at the time of their initial review.

[..]

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/