Myth 2: PCI will make us secure

PCI compliance does not mean total security. While it is a reliable first line of defense, potential breaches are always a possibility as technologies change. Diligence and maintenance are constantly required to maintain a safe network.

Published: 13 Aug 2007

By John Kindervag

Myth No. 2 is a follow up to Myth No. 1. Once your client is PCI compliant, they may become complacent, thinking that they are unhackable. Again, PCI is designed to be good, basic, baseline security. It's meant to deter the lazy attacker. It's designed to watch the internal user. Like all security, diligence is required. The PCI audit or assessment you conduct is a snapshot in time. But as time passes, it's easy to move out of compliance or become less secure in some way. The purpose of PCI from a corporate perspective is to meet the "safe harbor" needs of the PCI standard and thereby mitigate the follow on risk associated with a breach. PCI compliance is a continual process -- a great foundation to create information security awareness and build an increasingly strong fortress around an organization's sensitive data.

Five myths of PCI compliance

Introduction to the myths of PCI compliance
Myth 1: PCI is hard
Myth 2: PCI will make us secure
Myth 3: Encryption is scary
Myth 4: "I don't take enough credit cards…"
Myth 5: Product X will make me compliant

About the author

John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.

Dig Deeper on Regulatory compliance with cybersecurity laws and regulations

Why your company needs the Payment Card Industry Data Security Standard If you think Payment Card Industry Data Security Standard is just for merchants, think again. Here's why virtually every company can boost security and address risk issues using PCI DSS.

PCI audit conflict of interest problems persist Discussing the state of PCI DSS compliance, Gartner's Avivah Litan says the industry still struggles with PCI auditors who both identify PCI problems and sell remediation services to fix them, causing a conflict of interest.

Does retail security take a backseat during the 'holiday IT lockdown'? The Target data breach highlighted a dirty secret in retail IT: "Holiday IT lockdown" periods that limit security activity put retailers at risk.

Next generation SIEM could boost network visibility, but platforms must scale, experts say Can security information and event management systems be the foundation for comprehensive IT data analytics? Powerful correlation engines and sharper analytical capabilities are forthcoming, analysts say.

PCI DSS certification: Three myths that affect its success in India When it comes to PCI DSS certification, much fear, uncertainty and doubt surrounds the standard. Here's a look at why these are just myths, not facts.

Why hiding the SSID won't solve PCI DSS wireless compliance Although the PCI DSS wireless guidelines released last year sought to dispel any confusion about wireless LAN security risks, enterprises are still neglecting security requirements and falling prey to old WLAN wives' tales. Hiding SSIDs isn't enough.

MicroscopeUK

Myth 2: PCI will make us secure

PCI compliance does not mean total security. While it is a reliable first line of defense, potential breaches are always a possibility as technologies change. Diligence and maintenance are constantly required to maintain a safe network.

Dig Deeper on Regulatory compliance with cybersecurity laws and regulations

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

HP expands channel finance options

Context warns channel to expect challenging year ahead on the PC front

SonicWall and Veeam enhance managed service support

SearchSecurity

Ideal DevSecOps strategy requires the right staff and tools

City of Pensacola hit by ransomware attack

Ryuk ransomware change breaks decryption tool

SearchStorage

Get to know storage-as-a-service providers and their offerings

Quobyte storage brings satellite imagery down to Earth

Startup Komprise extends data analysis to AWS object stores

SearchNetworking

7 factors to consider in network redundancy design

Silver Peak SD-WAN orchestrator scales to thousands of sites

Test your knowledge of SD-WAN deployments and testing

SearchCloudComputing

Get started with Azure tags

Review these Azure Service Bus best practices

Instill cloud change management best practices

SearchDataManagement

Aerospike 4.8 advances database persistent memory support

Data warehouse technologies evolve as vendors look skyward

How to streamline feature engineering for machine learning

SearchBusinessAnalytics

Easy-to-use coding tools a new opportunity for BI vendors

Low-code tools serve BI customer needs

Augmented analytics tools: Business uses, benefits and barriers

Dig Deeper on Regulatory compliance with cybersecurity laws and regulations

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.