
Improved password security as part of PCI DSS 3.0

CyberArk Software : 07 November, 2013  (Technical Article)
CyberArk comments on the latest iteration of the Payment Card Industry data security standard which calls for improved password security

According to the PCI Security Standards Council, the forthcoming revision of PCI DSS – which is due to go live on November 7th 2013 – has been designed to ‘help organisations take a proactive approach to protect cardholder data that focuses on security, not compliance’.
 
As part of this, poor password security practices have been highlighted as a key driver for change.  The PCI DSS update clarifies the importance of changing default passwords for application/service accounts, as well as user accounts, to address gaps in basic password security practices that are leading to compromises.
 
Matt Middleton-Leal, regional director for UK & Ireland at CyberArk, has made the following comments:
 
“It’s extremely encouraging that the latest revision of PCI DSS is moving away from focusing solely on compliance, and moving towards best practice security. As we continue to see privileged account credentials and passwords as primary targets in almost all major breaches, it’s great that this latest version of the standard is taking steps towards addressing this crucial part of the problem.
 
“The proposed changes state that revised password policies should include guidance on ‘choosing strong passwords, protecting their credentials, changing passwords on suspicion of compromise’.  While this is certainly a step in the right direction, I would argue that we need to go further in order to adequately protect these extremely powerful credentials.  Rather than waiting for suspicious activity before taking action, organisations should arm themselves with the best possible defence by establishing a centrally managed privileged account security policy.  This will allow organisations to determine how regularly passwords need to be changed and can allow users to easily set, manage and monitor password security from one single interface.
 
“By simplifying the password management process and giving control back to the security, risk and audit teams, companies can be sure that they are not only compliant with PCI DSS v3.0, but also that they are doing everything they can to proactively protect their customers’ payment card data.”

   © 2012 ProSecurityZone.com