Top 5 Myths

Myth 2: PCI will make us secure

By John Kindervag

Myth No. 2 is a follow-up to Myth No. 1. Once your client is PCI compliant, they may become complacent, thinking that they are unhackable. Again, PCI is designed to be good, basic, baseline security. It's meant to deter the lazy attacker. It's designed to watch the internal user. Like all security, it requires diligence. The PCI audit or assessment you conduct is a snapshot in time. But as time passes, it's easy to move out of compliance or become less secure in some way. The purpose of PCI from a corporate perspective is to meet the "safe harbor" needs of the PCI standard and thereby mitigate the follow-on risk associated with a breach. PCI compliance is a continual process -- a great foundation to create information security awareness and build an increasingly strong fortress around an organization's sensitive data.

Five myths of PCI compliance

  Introduction to the myths of PCI compliance
  Myth 1: PCI is hard
  Myth 2: PCI will make us secure
  Myth 3: Encryption is scary
  Myth 4: "I don't take enough credit cards…"
  Myth 5: Product X will make me compliant
About the author
John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.

This was first published in August 2007
