- HP buys EDS for $13.9 billion
- 10 ways the Chinese Internet is different
- What EDS is telling its people about HP deal
- Sprint loses nearly 1.1 million customers
- Desktops of the future here today
Wireless mesh standard gets boost; New BlackBerry debuts. Listen now!
Sprint, Clearwire in WiMAX venture; Indian workers don't want U.S. jobs. Listen now!
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry regulations imposed by the major credit card companies to ensure the safety, security, and integrity of cardholder data. Any business that processes, stores, and transmits cardholder account data must comply with this complex new standard, and must be able to demonstrate that compliance through automated and manual audits of their systems. This white paper looks at the key challenges and requirements of PCI DSS as it relates to Microsoft Windows and Active Directory, and shows you how a third-party software solution can help with PCI compliance.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
Its not hard to keep on eye on how much bandwidth that you are using, check out this page for more info:
http://technicianspot.blogspot.com/2008/05/monitor-bandwidth.html- Anonymous
Retailers apparently are mixed in how seriously they take the Payment Card Industry Data Security Standard, which contains some provisions for securing wireless data along with other mandates. While some retailers are conscientious, others have yet to be fazed by fines, increases in credit card company exchange rates and even immense out-of-court settlements following a breach.
So observes Steve Rowen, a partner at RSR Research in Boston, which focuses on the retail industry and tracks PCI compliance. Many retail organizations face a rip-and- replace undertaking to meet the wireless components of PCI DSS mandates, he notes. For example, retail locations with point-of-sale wireless applications require wireless data encryption using Wireless Protected Access (WPA) or higher, which can often mean replacing thousands of legacy handsets. PCI DSS, driven by credit card companies, also requires the use of wireless firewalls and wireless analyzers for rogue monitoring.
"But retailers would rather spend money on things that will help them make more money, not just protect the business," Rowen explains.
Who wouldn’t? Notoriously thin-margin retailers, though – particularly highly distributed ones – are among the verticals usually short on the manpower and budget dollars to tackle an infrastructure overhaul. It’s not uncommon, Rowen says, for retailers to adopt a “pay-the-ticket-and-go” attitude toward PCI. In other words, many opt to endure expensive wrist-slapping measures rather than investing time and money in an enterprise upgrade.
Current industry climes make it “easier for retailers to self regulate,” Rowen explains, because the PCI effort is driven by credit card companies – most notably, Visa – who say, “comply or we will do this to you.” The idea that financial institutions should tell retailers what to do with IT “seems silly,” he says. Meanwhile, in the absence of federal governance, states have slowly begun adopting legislation.
He described state regulation of retail compliance, though, as “the worst of all possible worlds,” because nationwide, distributed retailers that also conduct online commerce would have to implement multiple sets of rules in their infrastructures depending on geography. (Compare Network Auditing and Compliance products)
Still, Rowen is heartened by a number of recent industry efforts to help retailers out with not only being technically PCI compliant, in a “checkbox” fashion, but in truly securing customer data and protecting internal resources from wireless-initiated break-ins, which requires steps beyond the PCI basics.
Among the recent industry moves:
* Yesterday’s launch by AirTight Networks of a $2/day wireless LAN security software-as-a service (SaaS) offers full wireless vulnerability management without CPE investments.
* Mobile VPN provider Columbitech rolled out a premises-based centralized compliance management system in late March.
* Aruba Wireless offers centralized monitoring for unauthorized devices with no requirement for in-store hardware or software investments. Meanwhile, Aruba’s recent acquisition of Airwave, completed late last month, adds centralized signature-based intrusion prevention at each site with the installation of at least one Aruba sensor per approximately 20,000 square feet of space.
These and other vendors are recognizing that the cost to fully secure an organization’s wireless infrastructure has outweighed the advantage to date. “Now, they are coming up with clever ways to give retailers affordable security options,” Rowen says.
This is all Visa's fault!By Anonymous on April 30, 2008, 1:06 pmVisa's product is inherently insecure. Rather than fix the product to make it secure, they are strong-arming the merchants into spending an inordinate amount of...
Reply | Read entire comment
View all comments