PCI Standard Drives Some CISO's Work This Year - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Feature
News
5/10/2007
04:10 PM
50%
50%

PCI Standard Drives Some CISO's Work This Year

Some companies find they must pour money and time into complying with payment card data security requirements.

The payment card industry's Data Security Standard, created by Visa and MasterCard, is the focus of a lot of IT work--and spending--as companies seek to comply with its requirements for better protection of customer credit and debit card data. Two chief information security officers from Fortune 50 retailers, participating in an online discussion with Merrill Lynch that was open to the public, made this clear.

The CISOs, identified only by their first names so they could address sensitive security issues, agree that PCI compliance will be the biggest driver of security spending over the next year. "The money we spent on remediating for PCI is considerably larger than what we've spent on remediating for Sarbanes-Oxley, " Mark says. The other CISO, Tony, says security is typically less than 1% his company's IT budget, but this year it's doubled because of PCI.

In effect since December 2004 and updated in September, PCI requires firewalls, the encryption of cardholder and other sensitive data sent across public networks, and restrictions on physical access to cardholder data. Merchants not in compliance can't process Visa or MasterCard payments.

It's a "great commonsense approach to how security should be implemented," Tony says. "Unfortunately, a large company like the one that I work for just didn't take it very seriously three years ago," when the standard was being proposed. A lot has changed since then, he says, and PCI is now the main driver behind his company's security initiatives, accelerating its use of data encryption. It's preparing to encrypt all data brought into the company's IT systems "so that everybody can reduce the risk further," he says.

Piling PCI on top of all the other regulations to which companies must comply isn't easy, but there's little choice when CISOs consider what's at stake.

Return to the story:
Cigna's Craig Shumard: One Man's Security Mission

Continue to the sidebars:
PayPal's CISO's Psychological Warfare
and
Mozilla's Window Snyder: A CISO With A Different Agenda

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
News
Data Science Salary Survey Reveals Market Shift
Jessica Davis, Senior Editor, Enterprise Apps,  6/27/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll