Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live one-hour teleconferences:
* Transforming IT Teams
September 16
* Global CIOs: How to Lead on the World Stage
September 18
* Social Responsibility's Strategic Benefits
October 29
Apply today for a FREE subscription to CIO Magazine!
Acceptance Growing for PCI Security Standard
PCI chief says the PCI DSS security requirements have gained considerable momentum in the U.S. and globally.
April 10, 2008 — InfoWorld —
The leading man for the payment card industry's data security standard claims that most companies affected by the mandate have begun to embrace the regulation, rather than debate or deny its merits.
In the last year, perceptions of the PCI DSS security requirements—authored by the world's largest credit card issuers and aimed at forcing companies that handle account data to sufficiently protect their sensitive information and IT systems—have shifted dramatically, with most organizations making a genuine effort to understand and comply with the rules, said Bob Russo, general manager of the PCI Security Standards Council.
Differing factions still voice concerns over specific elements of the PCI regulation, largely around areas of the mandate that they feel are too prescriptive or vague, but the process of moving the standard forward has gained considerable momentum both in the United States, and around the globe, the PCI Council chief maintains.
"You'll always have people who resist when they are told that they have to do something, but most seem to agree that there is nothing alien in the three standards that we've issued thus far," Russo said. "I think that's because we've been able to establish that PCI is a strong security standard and this is work that people need to do anyways. Most of the remaining discord is related to the fact that people don't want to rip out and replace legacy systems."<
In fact, close to 100 percent of all the merchants, card processors, and related businesses that qualify as "tier 1" PCI DSS targets have already become compliant with the standard, and many smaller organizations are well on their way, he said.
The PCI standard has come under additional scrutiny of late in light of a massive data breach at supermarket chain Hannaford Brothers, the first publicly reported incident of its kind at a business that claims to have been certified as PCI compliant.
However, the questions that the event has spurred—about everything from the regulation's efficacy at preventing breaches to the issue of whether or not PCI compliance assessors will be held liable for incidents at certified companies—will ultimately aid in the continued adoption and evolution of the measure, Russo said.
Russo said it's still unclear to what extent Hannaford was actually certified, or attentive in maintaining its compliance with the mandate. It also illustrates to other businesses that they will need to remain focused on related data security issues at all times, not merely when they know that they are being audited.
The Latest Advancements in SSL Technology
Getting in Compliance with Government Data Regulations by Leveraging Online Security Technology
How to Offer the Strongest SSL Encryption
The Hydra and the Onion: A Multi-Layered Security Model for Today's Dynamic IT Threat Environment
Data Loss Prevention Starts at the Endpoint: Seeking Safety from the Data Loss Pandemic
Solving Online Credit Fraud Using Device Reputation
Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response
Building Competitive Advantage with Next-Generation Wireless Infrastructure
Find out what Forrester says about mobile endpoint security and its management.
Get Forrester's take on simplifying mobility with the universal wireless client.
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
Solutions to the Toughest IT Challenges in Remote Offices
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Analysts: Google Spreading Itself Too Thin
At 10, Google Reiterates Commitment to CIOs
Nokia Adds Address, Calendar Sync to Ovi
Oracle Said to Be Making Progress on Fusion Apps
Libertarian Barr, EPIC Outline Privacy Agenda
As Google Turns 10, Enterprise Success in Question
Innovative Thinking Gets a Kick in the Pants
Disk Storage Drove Ahead in Q2
MySQL Cofounder May Resign
VMware Virtual Servers Get 5X Faster Shadow Copy With V2 of Vreeam Backup
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
