Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Portfolio Management Maturity Model at Chevron - Presentation & Discussion
November 13, 11:30 AM - 12:30 PM ET (GMT-4)
The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
Can Mid-Market Merchants Comply with PCI Standards In Time?
If you want to transact business with credit cards, you have to follow the rules: the payment card industry security standards. Companies that don't comply face fines or worse. So why aren't more mid-market merchants already in compliance?
December 06, 2007 — CIO — Nearly a year after TJX Companies suffered what is believed to be the largest identity theft to have hit a retailer, credit card companies are laying down the law for any merchant who transacts business with plastic. By New Year's Eve, all businesses that handle between 1 million and 6 million credit card transactions a year (primarily mid-market companies) must comply with the payment card industry's new Data Security Standard (PCI DSS).
Companies that fail to comply with the standard's 12-point specification risk thousands of dollars in fines (from Visa, $5,000 to $25,000 a month), though it's hard to predict what noncompliance will really cost because the penalty structure is complex. Ultimately, Visa, MasterCard and the other payment card companies could revoke merchants' rights to make credit card transactions—a mortal wound for any consumer-oriented business. And yet despite the threat of penalties, experts believe that most mid-size companies won't make the deadline (larger companies with a higher transaction volume are already supposed to be compliant).
Compliance is hardly rocket science—or is it? Directives to use firewalls and change vendor-supplied default passwords are simply security best practices. But in other areas, merchants struggle to interpret the standards, haggling with auditors, consultants and sometimes the PCI Council itself over exactly how to protect cardholder data. And they often have to reach deep into cash-strapped pockets to come up with the funds for conducting a top-to-bottom security review.
Brian Shniderman, a director at Deloitte Consulting, estimates that 40 percent to 45 percent of merchants might need to overhaul everything from access management, ID control and physical security, to infrastructure, firewalls and antivirus measures.
"The industry is not sitting in a stable position with regard to PCI standards," he says.
Lessons from TJX
Version 1.1 of the PCI Data Security Standard (PCI DSS 1.1) was on the books in January 2007, when TJX Companies—operator of A.J. Wright, Bob's Stores, HomeGoods, Marshalls and T.J. Maxx—announced that hackers had breached its network. Estimates of the damage vary, but data thieves may have copped anywhere from 45 million to more than 100 million user accounts, from customer transactions going back to 2003.
According to The Wall Street Journal, the thieves may have begun their odyssey in a van parked near a St. Paul, Minn., Marshalls store, at which they pointed an antenna and picked up wireless data beamed across the store from registers and handheld scanners. The intercepted data allowed thieves to hack the main network in Framingham, Mass. and allowed them to download megabytes of stored customer records. At least three class-action lawsuits seeking damages on behalf of customers and banks are pending in federal court. (TJX is awaiting court approval of a proposed settlement with customers worth an estimated $256 million. On Nov. 30, 2007, the company announced a $40.9 million settlement with Visa through which it would pay banks for their claimed losses, provided banks agree not to pursue further legal action.)
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.
Learn how this proactive implementation of a DLP solution helps ensure E-LOAN's customer trust and loyalty.
Best Practices for Providing Secure and Cost-Effective Remote Access
They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers
The Three Pillars of Data Protection
The Case for A Specialized Security Platform
Security and Trust: The Backbone of Doing Business over the Internet
Best Practices in Choosing and Consuming Managed Security Services
Building Competitive Advantage with Next-Generation Wireless Infrastructure
IT Risk Management: Preparing for the Perfect Storm
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
The Power of Data Deduplication
Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response
Find out what Forrester says about mobile endpoint security and its management.
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Google in Curious Alliance with Click-Fraud Detection Firm
Kernel Developers, Wall Street to Come Together
Ellison Strikes Bullish Tone At Shareholder Meeting
Yahoo Investor Proposal Unlikely to Push Microsoft
Ugandans Comment on 10 Years of ICT Regulation
Vodafone to Acquire 15 Percent More of Vodacom Group
Zoho Launches E-Mail App with Offline, Mobile Access
Mobile Penetration to Hit 95 Percent By 2013
UK Supermarket Uses IT to Cut Checkout Waits
Mobile Industry Split Over UMA Versus Femtocells
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
