http://www.darkreading.com/security_monitoring/security/app-security/showArticle.jhtml?articleID=227600072 By Kelly Jackson Higgins DarkReading Oct 04, 2010 Data from PCI DSS assessments conducted by Verizon Business' PCI auditors shows that organizations hit by breaches are 50 percent less likely to be PCI-compliant than its other clients. The first-ever Verizon Payment Card Industry Compliance Report, released today, analyzed findings from actual PCI DSS assessments Verizon conducted between 2008 and 2009. The report also shows that only 22 percent of organizations score as compliant with the PCI DSS at their first audit. Protecting stored data, tracking and monitoring access to network resources and cardholder data, and regularly testing security systems and processes were the top three reasons for breaches in Verizon's 2010 Data Breach Investigations Report. And it's those three security areas where companies are having difficulty deploying or complying with in PCI, according to Verizon. "We found a direct correlation to the top reasons for data breaches," says Jen Mack, director of global PCI consulting services at Verizon. "PCI requires protecting source data, monitoring and reviewing, and systematically checking and scanning and penetration testing ... And we could see those were the top reasons for breaches in our breach report. We see in our PCI report that these areas have the least amount of requirements in place at the time of their Initial Report on Compliance." [...] _______________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Mon Oct 04 2010 - 23:13:10 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 04 2010 - 23:32:14 PDT