Friday 25 May 2007

PCI SSC Announces board advisors

Some big names have been elected onto the PCI SSC council (14 in all).

Their primary role is to serve on the board and provide strategic and technical guidance to the PCI Security Standards Council.

Microsoft and VeriFone are the only technology companies; the rest are retailers or PSPs with a vested interest in PCI.

I wonder if the PCI SSC will behave like a mini UN: lots of differing groups, each with its own agenda, generating ideas and statements about what should be done, but with too much in-fighting and too many special interests to ever get a majority vote and get motions passed.

With a member like APACS (the UK payments association) involved, there should be no excuse in future for UK organizations not being PCI compliant, as there was around 18 months ago when PCI DSS conflicted with what APACS required from retailers/PSPs.

It will be interesting to see the minutes from the initial meetings on any future PCI DSS changes, just to see who is in favour of PCI and who isn't.

Thursday 24 May 2007

APAC market gains PCI momentum

A PCI Blog reports on the increase in interest levels within the APAC region.

PCI Answers is a great source of PCI news, and its contributors are very active in the PCI space.

PCI pays off

Another Dark Reading article, this one featuring Bryan Sartin of Cybertrust, discusses how PCI can pay off in the short to long term. He states that "...No organization that has been completely compliant with PCI has been compromised."

Wednesday 23 May 2007

PCI Costs, but not as much as a breach

Interesting article on Dark Reading. While it is generally accepted that breaches aren't great financially, staying ahead of PCI compliance could be beneficial in the long term, both financially and with respect to the security of your organization.

Sunday 20 May 2007

Too little, too late perhaps?

While this is not really a news item, just a press release for 7Safe's PCI DSS training service, it does highlight the last-minute approach most companies have taken to tackling PCI compliance.

If so, PCI vendors should expect increased levels of interest as 30th June 2007 approaches.

Tuesday 15 May 2007

PCI: This is how we do things in Texas

Texas is mulling over a bill that would make PCI DSS state law.

The bill is expected to spur broader adoption of PCI security controls and is supported by a number of Texas credit unions, who want to push liability onto the merchants.

Texas isn't the first to push this kind of bill; Massachusetts also proposed something similar back in February 2007.

Monday 14 May 2007

Security Breaches are good for you....

Interesting blog post about how breaches or other bad news actually increase a company's profits.

Will this mean that companies will be queuing up to disclose their security breaches, or health scares in the case of your local eatery?!

Is this reverse psychology gone mad?

Sunday 13 May 2007

PCI News for PCI News' sake

I am starting to feel that article writers are publishing PCI pieces just for the sake of filling their quota.

This article outlines what the PCI Self-Assessment Questionnaire is and the need to complete it, with the writer offering his own firm's services to do it, I guess.

In this article the writer seems to be going for the "point out the obvious" award of the week. The title of the piece is "PCI Standard Drives Some CISO's Work This Year". I guess the "some CISO's" part of the title refers to the companies that are actually undertaking a PCI project this year! His next article will be along the lines of "Smoking is bad for your health".

Saturday 12 May 2007

PCI is just too hard... why the FD CISO may not be 100% correct

This article over on SearchSecurity.com gauges the reaction to comments from First Data CISO Phil Mellinger that PCI DSS compliance should essentially be made easier to attain in order to get more merchants compliant.

It would be nice if a lot of things that are hard or essential were made easier to achieve. Life would be so much better.

Time to board the PCI Ship

Yet another TJX-related item on the web, highlighting the need to get with the program.

If you received a high-value gift card from a shady character, they could have been involved in the TJX breach. Read on to find out how credit card fraud on the scale of TJX helps the gift card business boom.

Saturday 5 May 2007

Sun is just giving it away...

Sun recently announced that they would give away their encryption key software. Read a little further before you rush to take up this free offer, as it is only the APIs they are preparing to share, "...which are how the KMS talks to an encryption device."

So everything else is gonna cost ya. Could this be a cunning way to promote the sale of more Sun hardware?

The KMS standard is still very much a work in progress, and this could turn into another classic Betamax vs. VHS battle, or the more current HD DVD vs. Blu-ray one.

Thursday 3 May 2007

How much does a data breach cost?

Estimates put the TJX fiasco at $4.5 billion, and that's the optimistic number.

The Ponemon Institute, a think tank focused on record privacy and data protection, expects the TJX breach costs to be even higher. They cite costs in the range of $182.00 per record, based on research from November 2006 into the cost of breaches incurred in 31 separate incidents. For TJX, this translates to $8.6 billion.

The TJX data security breach: 10-K filing shows IAM and compliance mistakes

This article goes into some detail on how TJX didn't quite come up to scratch on compliance, and questions their internal security controls.

It again raises the question of how the secret keys were compromised if data at rest was being encrypted, given that the compromise went back to 2005 but was not discovered until December 2006.

Tuesday 1 May 2007

Fraud in the Airline industry and plugging the gap

Very interesting article discussing the effect of fraud on the airline industry, based on responses to a survey of UK airlines. PCI features as the number one security requirement to meet. You'll need to register on the site.