While there is a world of difference between a deck of 52 and a deck of credit cards, it is still wise to hold those payment cards close to the vest. A solid part of protecting those cards from prying eyes is ensuring your insurance firm is compliant with the Payment Card Industry’s Data Security Standard.
Is PCI compliance important to insurers? Every carrier CTO and CIO I have asked has said , “Yes, it is…and we are working on it now.” I’d venture to say, as with all compliance and risk management it is not a one-and-done effort, as regular reviews are required.
Today, April 14, 2011, Cisco announced its newest work in the area of helping companies across all industries comply with the PCI DSS 2.0 guidelines. And since the PCI DSS guidelines apply to all companies—including insurance—that transmit, process or store credit card transactions and cardholder information, I’ve recorded a video in which I discuss the PCI DSS standard and its applicability to insurance.
Cisco is at the table with its customers when it comes to enabling PCI compliance and is an active member of the Payment Card Industry Securities Standard Council’s Board of Advisors. We completed a new Cisco Design and Implementation Guide that includes 30+ Cisco and technology partner products that have been examined by an auditor.
Technologies involved in the assessment include core routing, switching and wireless, plus collaboration and physical security technologies.
Many people wonder what it takes to be PCI compliant. More importantly, people want to know the difference between PCI, FISMA, DIACAP and STIG. With so much alphabet soup, one has to wonder what it all means, and what is the best way to navigate these waters.
I’m not here to provide you with all the answers, but I can certainly help you to understand where PCI fits into the picture.
I was reading an article recently about what auditors really think about the security and compliance requirements that they test for when doing a PCI DSS compliance audit. I was more than a little surprised to read that over 60% of the 505 auditors in the study referenced said the organizations they audit don’t believe compliance improves their data security effectiveness. I’m a bit perplexed by that. After all, there are only 12 requirements in the PCS DSS specification, and they seem pretty straightforward and simple to me. Read More »
While Cloud Computing is getting the majority of the headlines within the IT industry, it could easily be argued that no industry is going through as much change as Healthcare. Whether it’s Healthcare reform in the United States, the rollout of Telemedicine solutions (by corporations and municipalities), or online collaboration to educate and discuss outbreaks and crisis, the business of keeping people well is going through radical change. Not only are the economics of Healthcare being forced to change, but so to is the technology that allows doctors to deliver care, medical records to be stored and researchers to find the next cure.
This past week I had the opportunity to present at the NCHICA “Health Information in the Cloud” along with experts from industry, technology, law and standards-bodies. The conference focused on many aspects of Healthcare + Cloud, including HIPPA standards, Legal and Compliance considerations, Security, Deployments in Public vs. Private Clouds, offerings from Managed Service Providers and real-world case studies (presentations can be found here and here). The presentation we gave focused on the infrastructure required to build Private Cloud.
Will PCI 2.0 Bring Virtual Relief to Real Questions?
PCI Data Security Standard (PCI DSS) 1.2.1, which is a set of standards for retail and other verticals that defines the requirements for security compliance, is relatively simple and straightforward. 12 requirements define the spirit and intent of the standard. These are good, common sense guidelines and best practices that are derived from decades of experience keeping customer data secure. However, there are areas where PCI DSS could do a better job of handling what has become common, well accepted practices; virtualization is one of those areas. Read More »