Comment on PCI DSS 2.0 from Imperva's CTO

Redwood Shores, CA, (PresseBox) - After months of work, the PCI Security Standards Council has today released the PCI DSS 2.0 standard, the 'security rules' under which all organisations processing credit card transactions - and this includes almost all businesses accepting debit, credit and charge cards - must achieve minimum standards of security and best practice.

Shulman explained that the main virtue of PCI is the standard's incredible opportunity to improve an enterprise's overall security posture. "Nobody is in business to be compliant," explained Shulman. "But our experience highlights a simple lesson: if you invest in controls to address PCI there is an incredible opportunity to improve overall security. Smart enterprises use PCI to increase budgets and put data security high on the executive priority list. Smart security teams use PCI as a springboard to transform how they protect consumer data - not just credit card numbers."

Shulman points out that although the changes between PCI DSS 1.2 and v2.0 are relatively minor - which he ascribes to the maturity of the standard - there are a number of key highlights:

- Scoping PCI assessments
- Adopting a risk-based approach to vulnerability mitigation
- Including more detailed standards for secure coding practices for custom-built applications

Also noteworthy, Shulman says, is that PCI DSS has been placed on a new three-year release cycle, so the next version is expected towards the end of 2013.

"The new life cycle allocates 1 year for full deployment of the recent standard, 1 year of feedback submission and review and 1 year for formalisation of the new revision," he says.

Against this backdrop, Imperva's CTO concludes that PCI DSS 2.0 has evolved into a unique set of regulations in a number of ways. Firstly it is industry- and not government-driven; and secondly, it includes specific guidance on the steps required to secure sensitive data.

"Since its inception, PCI has expanded awareness of data security risks and has driven major investments in data security technology and processes," he said.

"The evolution of PCI DSS by the PCI Council is aimed at adapting the standard to the evolving threat and technology landscape, while reducing the cost of compliance. PCI DSS 2.0 is an important step in that direction," he added.
