By Dominic Monkhouse
December 21, 2012 11:56 AM EST
This is according to general manager of the PCI Security Standards Council (PCI SSC) Bob Russo, who told Bankinfosecurity.com that this is vital to spotting any weak links in the card data protection chain, which could undermine an entire system.
Performing annual risk assessments is one of the 12 central requirements firms must go through to be certified PCI compliant, but it may be the case that some companies do not devote adequate time and resources to this and assume their systems will still be secure.
Mr Russo explained: "The standard requires an annual risk assessment, because the DSS (data security standard) validation is only a snapshot of your compliance at a particular point in time." Therefore, it is possible that changes that have been made to a system since the previous evaluation could have undermined security protections or opened up new vulnerabilities.
He added that the PCI SSC has received a large number of requests for clarity on how organisations can best perform a risk assessment in order to identify gaps in their security procedures. This is why the body introduced new guidelines for the process earlier this month.
This document contains a number of recommendations for improving the procedure of evaluating a firm's data protection security solutions. These include implementing a formal methodology that takes into account the culture of an organisation and its unique requirements.
Guidance offered as part of the publication states: "Organisations will need to define and document their risk-assessment methodology, identify individuals who will need to be involved, assign roles and responsibilities and allocate resources."
It also suggested companies pursue a continuous risk assessment process rather than treating the requirements as a once-a-year occurrence. This makes it easier to uncover emerging threats and vulnerabilities as soon as they appear, allowing a company to take a more proactive approach to mitigate such risks.
Mr Russo observed that every organisation is different and the necessary precautions and measures will vary from firm to firm. However, there are a few constants that all enterprises need to consider.
"Size is just one of the many factors," he stated. "A smaller organisation, for instance, has fewer assets that they have to consider. But the core components of the risk assessment are really going to be the same."
The importance of PCI compliant systems has been highlighted in recent years by a series of high profile breaches, Bankinfosecurity.com stated. These included an attack on Heartland Payment Systems in 2009 that exposed the information of 130 million credit and debit cards in the US.
As a result of this, Heartland is now offering advice to ecommerce merchants using its payment processing solutions, as many of these firms lack knowledge and experience of security issues.
The firm's chief security officer, John South, said: "Their speciality is not in securing networks and many have little or no experience in installing hardware or software to do that."