[ISN] New Verizon Report: Non-PCI Compliant Organizations Suffer More Breaches

From: InfoSec News <alerts_at_private>
Date: Tue, 5 Oct 2010 01:13:10 -0500 (CDT)
http://www.darkreading.com/security_monitoring/security/app-security/showArticle.jhtml?articleID=227600072

By Kelly Jackson Higgins
DarkReading
Oct 04, 2010

Data from PCI DSS assessments conducted by Verizon Business' PCI 
auditors shows that organizations hit by breaches are 50 percent less 
likely to be PCI-compliant than its other clients.

The first-ever Verizon Payment Card Industry Compliance Report, released 
today, analyzed findings from actual PCI DSS assessments Verizon 
conducted between 2008 and 2009. The report also shows that only 22 
percent of organizations score as compliant with the PCI DSS at their 
first audit.

Protecting stored data, tracking and monitoring access to network 
resources and cardholder data, and regularly testing security systems 
and processes were the top three reasons for breaches in Verizon's 2010 
Data Breach Investigations Report. And it's those three security areas 
where companies are having difficulty deploying or complying with in 
PCI, according to Verizon.

"We found a direct correlation to the top reasons for data breaches," 
says Jen Mack, director of global PCI consulting services at Verizon. 
"PCI requires protecting source data, monitoring and reviewing, and 
systematically checking and scanning and penetration testing ... And we 
could see those were the top reasons for breaches in our breach report. 
We see in our PCI report that these areas have the least amount of 
requirements in place at the time of their Initial Report on 
Compliance." 

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Mon Oct 04 2010 - 23:13:10 PDT

This archive was generated by hypermail 2.2.0 : Mon Oct 04 2010 - 23:32:14 PDT