Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Social Responsibility's Strategic Benefits
December 15, 11:30 AM - 12:30 PM US/Eastern (GMT-5)
Join Ed Granger-Happ, CIO of Save the Children, for a discussion of how creating an organization that is socially responsible improves staffing, retention, leadership development and overall corporate health.
Working With and Communicating to Your Board of Directors
January 13, 2009, 4:00 PM - 5:00 PM US/Eastern (GMT-5)
CIO panelists who will share tips and experiences working with their boards: Twila Day of SYSCO; Jeff O'Hare, West Corp.; Marc West, formerly with H&R Block.
IT's Role in Growing Mid-Market Companies
January 14, 4:00 PM - 5:00 PM ET (GMT-5)
Mid-market Council members will share their companies' stories and challenges in driving or coping with growth. Panelists represent Veterinary Pet Insurance, Medicis Pharmaceutical, and Intrax Cultural Exchange.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
FUD Watch: Vendor Hype Escalates Over PCI Compliance Deadline
Monday is the day merchants must be in compliance with PCI DSS Requirement 6.6. That means the security vendor PR machine is in overdrive.
June 27, 2008 — CSO — Merchants have to comply with Requirement 6.6 of the Payment Card Industry's Data Security Standard (PCI DSS) by June 30, and those who haven't done what's necessary probably won't meet the deadline no matter what they do between now and Monday.
But that won't stop security vendors from using the deadline as an excuse to drum up a little publicity, laboring under the hope that some businesses will line up at the last minute to buy their product. In the past week, I've taken my share of PR calls asking if we wanted to speak to their client about the deadline.
This is especially the case with those selling application security products, since 6.6 is all about protecting the Web applications. Among the mandates: Merchants must have all custom application code reviewed for common vulnerabilities by an organization that specializes in application security and install an application-layer firewall in front of Web-facing applications.
As the deadline edges closer, debate continues over whether PCI DSS is a genuine road map to better security or just another misguided mandate that will do little to stem the tide of data breaches and identity fraud. A side debate over whether the costs of being in compliance or in violation are appropriate is also smoldering.
As I've said before, I don't blame vendors for trying to seize every opportunity to make a sale.
But security pros need to be able to cut through the hype and assess the best application security fit for their organizations without being blinded one way or another by the mania over the latest deadline.
In the final analysis, much of what's required under PCI DSS is common sense in an age where more and more businesses rely on e-commerce and tend to rush online shopping portals into circulation with security holes easily identified and exploited by the bad guys.
Though skeptics are right to point out that data breaches and identity fraud continue to rage despite the standard (Hannaford's supermarkets suffered a major breach despite all the investments it made in PCI compliance), it's foolish to argue that we'd be better off without it.
Other stories by Bill Brenner 2002-2007 CXO Media Inc. All rights reserved. Reproduction in whole or in part without permission is prohibited.
The Business Case for Web Application Firewalls, by Ken Tyminski, former VP and CISO for the Prudential Insurance Company of America
BlackBerry in the Regulatory Spotlight - A White Paper by Day Pitney LLP
Stop mobility from jeopardizing PCI compliance with these best practices.
Operational Excellence Is Key to Maximizing IT Investments
Learning from BPM Leaders
Optimizing Infrastructure Control
Endpoint Security: Compliance at the Endpoint
Paving the Way for Trusted Collaboration
Find out what Forrester says about mobile endpoint security and its management.
Grassroots Data Governance with SAP MDM
The CIO's Guide To Harnessing Enterprise 2.0
What's Next? Real Answers for Tough Times
A crystal ball won't provide the answers you need.
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Microsoft Releases Next Wave of Windows Live Services
Report: Former AOL CEO Miller Trying to Buy Yahoo
Sierra Wireless to Buy Wavecom
Zoho Releases SQL-Based Data-Access Service
Open-Source Developers Set Out Software Road Map for 2020
VMware Expands Desktop Virtualization Capabilities
IE Share Slips Under 70% as Firefox Surges Past 20%
Filing: SAP Co-CEO had Concerns About TomorrowNow Deal
Windows Market Share Drops Below 90% for First Time
Apple Quietly Recommends Using Antivirus Software
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
- CIO|
- Computerworld|
- CSO|
- DEMO|
- Game Pro|
- Games.net|
- IDG|
- IDG UK|
- IDG Connect|
- IDG Tech Network |
- IDG World Expo|
- Industry Standard|
- InfoWorld|
- ITworld|
- JavaWorld|
- LinuxWorld|
- MacUser|
- Macworld|
- Network World|
- PC World|
- Playlist|
- CIO UK|
- CIO Germany|
- CIO China|
- CIO Sweden|
- CIO Australia|
- Other CIO Sites
