A PCI compliant company can still be hit by a data breach (Security Park)
(18/08/2009)

Some of the firms which have experienced data breaches in recent months were PCI-compliant. This highlights the fact that, even if a company has passed muster on the regulatory front, this does not guarantee the integrity of its IT security systems.

"Complacency is the IT manager's worst enemy, especially when it comes to IT security," said Reuven Harrison, Tufin's chief technology officer. "This fact was brought home quite clearly at last week's Black Hat security briefings in Las Vegas, at which researchers revealed company after company - and technology upon technology - whose IT security could be compromised," he added.

According to Harrison, the comments made at Black Hat by Douglas Merrill, former VP of engineering at Google, show that if senior managers can become frustrated with an IT architecture, then the same thing can happen further down the management chain.

And when that happens, he says, the firm becomes a breeding ground for IT workarounds that allow staff to work more efficiently, but also allow them to circumvent their own security systems.

As a result of these pressures, he explained, having systems in place that check any and all IT security configuration changes for compliance with corporate policies is rapidly becoming a critical component of an efficient security regime. You can also expect these pressures to work more efficiently to increase as the economic situation that many companies now find themselves in takes its toll, said the Tufin CTO.
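As an added illustration of the kind of check described above (this is not code from the article, from Tufin or from any product), the following script diffs a proposed firewall ruleset against the current one and tests every added or altered rule against a small written policy before the change is applied. The cardholder data environment range, the permitted ports, the rule fields and the sample rulesets are all assumed and constructed for the example.

```python
"""Pre-change policy check for firewall rule changes (added example)."""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Assumed cardholder data environment (CDE); a real policy lists the real segments.
CDE_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
# Assumed services that may be reached inside the CDE from outside it.
CDE_ALLOWED_PORTS = {443, 1433}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    src: str                    # CIDR or "any"
    dst: str                    # CIDR or "any"
    port: Optional[int]         # None means every port
    ticket: Optional[str] = None  # change-request reference, if the rule has one


def touches_cde(cidr: str) -> bool:
    """True if the CIDR (or 'any') overlaps at least one CDE network."""
    if cidr == "any":
        return True
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.overlaps(c) for c in CDE_NETWORKS)


def inside_cde(cidr: str) -> bool:
    """True if the CIDR lies entirely within a CDE network."""
    if cidr == "any":
        return False
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(c) for c in CDE_NETWORKS)


def violations(rule: Rule) -> list:
    """Policy violations for one rule; deny rules never violate this policy."""
    if rule.action != "allow":
        return []
    found = []
    if rule.src == "any" and rule.dst == "any":
        found.append(f"{rule.name}: allow any->any")
    # Traffic entering the CDE from outside must come from a named source,
    # on a single port, and that port must be on the allow-list.
    if touches_cde(rule.dst) and not inside_cde(rule.src):
        if rule.src == "any":
            found.append(f"{rule.name}: unrestricted source into CDE")
        if rule.port is None:
            found.append(f"{rule.name}: all ports into CDE")
        elif rule.port not in CDE_ALLOWED_PORTS:
            found.append(f"{rule.name}: port {rule.port} into CDE not on allow-list")
    if rule.ticket is None:
        found.append(f"{rule.name}: no change ticket")
    return found


def review_change(current: list, proposed: list) -> dict:
    """Diff two rulesets by rule name and check every new or modified rule."""
    old_by = {r.name: r for r in current}
    new_by = {r.name: r for r in proposed}
    changed = [r for name, r in new_by.items() if old_by.get(name) != r]
    removed = [name for name in old_by if name not in new_by]
    findings = {r.name: violations(r) for r in changed if violations(r)}
    return {"changed": [r.name for r in changed],
            "removed": removed,
            "violations": findings}


def change_is_approved(current: list, proposed: list) -> bool:
    """A change may be pushed only when no added or modified rule violates policy."""
    return not review_change(current, proposed)["violations"]


# Constructed sample rulesets: the current baseline and a proposed change that
# includes the sort of "quick fix" workaround the article warns about.
BASELINE = [
    Rule("web-to-db", "allow", "10.10.0.0/24", "10.20.5.0/24", 1433, "CHG-1001"),
    Rule("default-deny", "deny", "any", "any", None, "CHG-0001"),
]
PROPOSED = [
    Rule("web-to-db", "allow", "10.10.0.0/24", "10.20.5.0/24", 1433, "CHG-1001"),
    Rule("monitoring", "allow", "10.30.0.0/24", "10.20.0.0/16", 443, "CHG-1002"),
    Rule("quick-fix", "allow", "any", "10.20.5.10/32", None, None),
    Rule("default-deny", "deny", "any", "any", None, "CHG-0001"),
]

if __name__ == "__main__":
    report = review_change(BASELINE, PROPOSED)
    for name, problems in report["violations"].items():
        for p in problems:
            print("VIOLATION", p)
    print("approved:", change_is_approved(BASELINE, PROPOSED))
```

Only the rules that differ from the baseline are checked, so an already-approved ruleset is not re-litigated on every change, but the same check can be run with an empty baseline to audit the whole ruleset, which is the periodic review the article goes on to call for.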

As a result, he noted, you can begin to understand why, if a company is PCI compliant - as was the case with Heartland Payment Systems - they can still be hit by a data breach. "Regulatory compliance and best practice certifications are excellent indicators of management quality, but when it comes to security, the acid test is whether multiple layers of security are installed, and are reviewed - as well as tested - on a regular basis," he said.

"This is what security lifecycle management is all about. IT security has now become a state of mind and needs a holistic approach if management is to stand a chance of beating the security demons," he added.
