Thursday, October 31, 2013

PCI Ostriches [and Monkees]: Hear No Evil, See No Evil, Speak No Evil

Website Magazine reports that the requirements of the most recent version of the Payment Card Industry Data Security Standard (PCI DSS 3.0), which requires Internet retailers to implement and perform rigorous penetration testing using different methods of security authentication and session management, are not being met.

These tests are meant to protect against "man-in-the-middle, man-in-the-browser and other similar cyber-attack methods," the magazine reports, adding that "A new study from Tripwire... reveals that the retail industry hasn’t yet implemented these new security requirements and that could result in a big 'ol lump of coal come Christmas."

Reportedly, just 41 percent of the retailers currently use any kind of penetration testing to identify security risks, and "only 44 percent have either fully or partially deployed file integrity monitoring in place."

Perhaps worst of all, Tripwire determined that "62 percent of the IT professionals surveyed say that negative facts about security risks are filtered before being communicated with senior executives."
