Email Address:
« Former Cybersecurity Czar Argues for Better Data Loss Prevention | Main | Cybercrime Getting Worse for Victims, Easier for Criminals »
The Payment Card Industry Data Security Standard (PCI DSS) is a good case study of security standards that try to address the wide breadth of security requirements while providing sometimes detailed implementation specifications. This podcasts examines the nature of PCI DSS as an example of security baselines and regulations pointing out the strengths and weaknesses as well as what we can expect from future security frameworks.
TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/326
Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
Comments
These are security standards that merchants have to follow in order to making leakages less likely. They don't stop the merchants from purposely selling the data though, correct? I'll stick with my a.K.a Card.
Posted by: Emma Pitterle | June 12, 2007 5:10 PM
Yes, that's right. The PCI DSS has to do with preventing unintended disclosures; I didn't see anything in the regulations that prevented sharing data with business partners as long as it doesn't risk unintended exposure.
Posted by: Dan Sullivan | June 15, 2007 7:54 AM