Payment Card Industry (PCI) update - Network World

Payment Card Industry (PCI) update

PCI looking the wrong way, but rules will help everyone.
Small Business Tech By James E. Gaskin, Network World, 02/14/2008

Credit card losses to fraud add up to about $3 billion per year, depending on who you ask. So we can understand the concern on the part of financial service companies and the need for the Payment Card Industry Data Security Standard (PCI DSS, usually referred to as just PCI; official documents here).

But the huge credit card companies -- Visa, MasterCard, American Express, Discover, and JCB -- haven't done their job well and are forcing new rules on the wrong end of the transaction pipeline. That said, the rules are, for the most part, good security guidelines that businesses should be following anyway. Rarely do we see a bad idea lead to good results.

According to the book Geekonomics by David Rice, the PCI rules are a way for the financial giants to stave off government regulations. After the loss of more than 100 million credit card records in 2006, one would think Congress would try to “help.”

The credit card industry swears it can self-regulate, and says it is in a better position than most to do so. After all, if your business is sloppy with credit card data, the card companies can cut you off and effectively put you out of business. They almost never, never do that, of course, because it's bad for business. But at least now they're forcing vendors making card transaction software to tighten up, says Computerworld.

PCI also forces any business taking credit cards, no matter how small, to become security experts. That t-shirt kiosk in the mall? Same security rules apply to it as to the Sears store down the way. Since t-shirt vendors rarely can judge the security of firewalls, operating systems, and transaction processing software, they're at the mercy of the security companies.

But many of the rules should be followed by every business. Scott Goessling of Blue Pay, a card processing service, created an understandable version of the PCI rules and gave me a copy. I don't see a copy on its Web site, but I bet if you send a note you'll get one via e-mail.

Jesper Jurcenoks, CTO of NetVigilance, a network vulnerability testing company, says 60% of businesses fail their PCI audit for one reason: they have no information security policy written down. So grab some paper and start from the basics, like “lock the door at night.” Then detail who can access data, define daily operational security procedures, and keep writing down policies.
