Techweb Digital Library

The Compliance Trap: Compliance for compliance's sake is not a best practice in protecting cardholder data


Click here to download now

Source: MegaPath
Date: November 2010
Type: White Paper
Rating: (0)
Save for Later
Email a Colleague
Rate This Asset

Overview: This white paper on PCI compliance explains why compliance for compliance's sake is not a best practice in protecting cardholder data. The Payment Card Industry Data Security Standard (PCI DSS) has been evolving for many years and will continue to be enhanced to address new security threats and protection measures. With maturity of the DSS, many security auditors are beginning to press companies that accept payment cards to demonstrate more than just 'forward progress' toward compliance, or at least a smaller number of compensating controls. Many retailers that have recently completed security audits are scrambling to implement new measures as their auditors have begun insisting on full compliance with key areas of the DSS.

How does a retailer effectively address compliance and avoid becoming headline news for all the wrong reasons? By focusing on security best practices and not accepting vendor claims that their solutions alone can provide compliance. Learn why compliance is the byproduct of a well-executed information security program that:
* focuses on risk management
* minimizes the use of compensating controls
* includes careful consideration of technology and service provider capabilities (not just the lowest bid)
* recognizes your business is responsible for the security of cardholder data

How can you improve data protection and PCI compliance?

DOWNLOAD NOW

Not what you're looking for? Search again
Go Advanced »
More From the Attacks/Breaches Section
VENDOR INDEX 0-9 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

View All Categories

Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Performance Management, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Data Quality

Development : Open Source, Windows/.NET, Web Development, Security, Mobility, Java, High Performance Computing, Embedded Systems, Development Tools, Database, Architecture & Design, C/C++

Government : Cloud/SaaS, Leadership, Information Management, Federal, Mobile & Wireless, State & Local, Enterprise Applications, Security, Policy & Regulation, Enterprise Architecture

Hardware : Virtualization Hardware, Windows Servers, Utility/On-demand Computing, Unix/Linux servers, Supercomputers, Peripherals, Macintosh, Handhelds/PDAs, Grid/Cluster Computing, Desktops/PCs, Data centers, Blades, Processors

Healthcare : Interoperability, Administration systems, Clinical information systems, Electronic medical records, The Patient, Security & Privacy, Leadership, Policy & Regulation, Mobile & Wireless

Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services

Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Social Business, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Internet Policy

Management : Career Development, Training, Small-Medium Business, Salary/Compensation, ROI/TCO, Regulation/Compliance, Recruiting, Personnel Management, Outsourcing, Legal, H-1B, Executive Insights/Interviews, Workplace Trends

Mobility : WLAN, Wireless Security, Wi-Fi/WiMax, Wi-Fi VOIP, Smartphones, 3G Wireless/Broadband, Muni Wireless, Mobile Messaging, Mobile Business, Fixed Mobile Convergence, 802.11x, RFID

Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Virtual worlds, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Global Positioning Systems

Security : Security Administration, End user/Client Security, Encryption, Cyberterror, Attacks/Breaches, Application Security, Antivirus, NAC, Perimeter Security, Privacy, Vulnerabilities and Threats, Storage Security, Intrusion Prevention

Services : Telecom/Voice Services, Business Process Outsourcing, Business Services, Disaster Recovery, Systems Integration, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Hosted Applications

Software : Web Services, Service Oriented Architecture, Server Virtualization, Productivity Applications, Operating Systems, Open Source, Linux, Hosted Software/Applications, ERP, Development Tools, Databases, Database Applications, CRM, Business Systems Management, Integration, Application Optimization

Storage : Data protection, Disaster Recovery, Removable/Portable Storage, Security, Storage Fabrics, Storage Systems, Virtualization

Telecom : VOIP, Unified Communications, Voice services, PBXs, Internet policy, Presence, Collaboration Systems, Business, Regulation, Call Centers

Windows/Microsoft : Applications, Internet Explorer, Microsoft Company News, Security, Open Source, Operating system, Office Suite

More Security Resources

Check Point 2013 Internet Security Report
The Check point 2013 Security Report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Based ......

More On Security

Blogs