CIO Symmetry

Nov 1 2011   3:50PM GMT

PCI DSS compliance may be the answer to more than credit card privacy

Scot Petersen

The Payment Card Industry Data Security Standard — PCI DSS — has been around for a few years and has seemingly done a good job of keeping credit card data safe.
No, it’s not a binding regulation, and there’s not a lot of official enforcement. But PCI DSS compliance has worked well for those who adhere to it — so much so that some PCI experts are calling for PCI to be used in other areas of risk management. After all, data privacy is data privacy, right?

That was the contention of some who congregated at the PCI Security Standards Council (PCI SSC) European Community Meeting in London recently, according to SearchSecurity.co.uk.

SearchCompliance.com contributor Kevin Beaver, of Principle Logic LLC, a noted expert in PCI DSS compliance, thinks this is a good idea.

“Many organizations would benefit from implementing PCI-type controls across other areas of the enterprise,” Beaver wrote in an email. “One of the things I see people struggling with is where to start with managing enterprise information risks. In particular, people get caught up in NIST for this, HIPAA for that and ISO/IEC for everything else. This approach can create unnecessary complexity which, as we’re all learning, is the enemy of security. In the end, all of these regulations, standards and frameworks address the same fundamental issues. It’s merely a matter of deciding on what’s best for your systems in the context of your business. The important thing is to not let apathy set in — just do something.”

I agree. There are plenty of areas where a bottom-up approach to data privacy is needed, and if PCI DSS compliance works and is widely accepted, you should do it. But remember, being compliant with a standard framework does not by itself make you secure. Conversely, if you practice good security, with up-to-date hardware, software and policies, you will likely find yourself in compliance with some standard. Find one that works for you.
