Friday, November 12, 2010

PCI compliance, an unnecessary burden?

by David Ochel

This well-written article (a long read) on the New York Times Magazine's website tells the story of Albert Gonzalez, including the background on the TJX, Heartland Payment Systems, and other payment security breaches of past years. A good reminder (or explanation) for those who still think that PCI compliance is an unnecessary burden...

(Of course, compliance with the PCI Security Standards Council's standards does not eliminate an organization's need to have a risk-driven and technology-specific security program in place. But it provides an improved security baseline across the industry, reducing susceptibility to common vulnerabilities and raising the bar for potential attackers.)
