Many people wonder what it takes to be PCI compliant. More importantly, people want to know the difference between PCI, FISMA, DIACAP and STIG. With so much alphabet soup, one has to wonder what it all means, and what is the best way to navigate these waters.
I’m not here to provide you with all the answers, but I can certainly help you to understand where PCI fits into the picture.
Last week Carol Ferrara Zarb, industry solution manager sat down with me and talked about the work being done at Cisco around helping merchants address the Payment Card Industry Data Security (PCI DSS) 2.0 standards released last year.
Cisco will be hosting a webinar april 14th 10:00am PT hosted by Lindsay Parker, global director of retail industry marketing with guests including:
Christopher Novak, Managing Principal, Investigative Response, Verizon Business Security Solutions
Danny Dhillon, Principal, Security Engineer, RSA
Rob McIndoe, Senior Security Consultant, Verizon Business Security Solutions
where Carol Zarb and Cisco retail architect Christian Janoff will discuss Cisco’s solution to help merchants address and maintain PCI compliance.
Some facts about Cisco and Payment Card Industry Data Security Standards (PCI DSS)
I was reading an article recently about what auditors really think about the security and compliance requirements that they test for when doing a PCI DSS compliance audit. I was more than a little surprised to read that over 60% of the 505 auditors in the study referenced said the organizations they audit don’t believe compliance improves their data security effectiveness. I’m a bit perplexed by that. After all, there are only 12 requirements in the PCS DSS specification, and they seem pretty straightforward and simple to me. Read More »
Recently, our country was up in arms over the new airport security requirements imposed by the Transportation and Security Agency. Travelers complained that new full-body scanners and pat-downs at airport security checkpoints were inconvenient and invasive, and major concern ensued that objectors to the new regulations would cause significant delays over the Thanksgiving holiday — the busiest travel time of the year. Grassroots groups were encouraging travelers to either refrain from flying or opt out of full-body scans and choose the more time-consuming pat-downs as a protest. Despite all the hoopla, the Thanksgiving travel rush was not impacted by the new laws. In fact, a recent CBS poll revealed that 4 out of 5 people support the new security measures.
We as individuals like to whine about laws and regulations that keep us safe, and the same can be said for organizations. As Cisco security team members, we have heard our share of customers grumble about regulatory compliance requirements such as HIPAA, SOX, and most recently the Payment Card Industry (PCI) Data Security Standards (DSS). These regulations can be, at times, cumbersome to deal with. Yet, when asked in a recent Cisco-commissioned survey about their sentiments on PCI compliance, organizations were largely positive and on board with PCI.
One of the phrases sometimes heard in certain circles I have traveled in was “Don’t be a victim,” or its near cousin “Don’t allow yourself to be victimized.” While these words of wisdom were passed around in some of the rough, hard biker hangouts up in the Santa Cruz mountains, they are relevant to the world of Borderless Networks as well.
In terms of mitigating risk, one of the very best things you can do is actually one of the simplest. When it comes to passwords, pick a good one and use it. Mix in numbers, special characters, uppercase and lowercase and avoid names and dictionary words and you are going to be in a far better place. Oh, and as 4chan illustrated when they hacked a Christian dating site, never assume that your password will not be stolen – you may want to use different passwords. For mobile devices, which are prone to being left in various places, it is critical to have a password protected locking home screen.