
PCI Standard compliance requirement deadline eased.

Fortify : 28 June, 2007  (Technical Article)
Fortify comments on Government easing of Payment Card Industry requirements as deadline approaches.
The recent easing of requirements for UK retailers attempting to comply with the Payment Card Industry Data Security Standards (PCI DSS) did not surprise application security expert Fortify Software, which has raised concerns over the number of companies struggling to meet the June 30 deadline.

Jacob West, Manager of the Security Research Group at Fortify Software, has made the following comments:

'When dealing with information as sensitive as credit card details, it is absolutely crucial that everything possible is done to ensure the complete protection of this data. As such, we applaud the PCI standard and its emphasis on self-regulation.

However, given the rush for businesses to comply with the PCI standard, particularly the requirement to maintain secure systems and applications, we're concerned that some organisations won't do as thorough a job as they should. To achieve meaningful compliance with PCI, organisations have to design, build, test, and deploy their credit card systems with security in mind from the very beginning.

We believe the PCI standard would be more effective - and that more companies would pass the PCI audit the first time - if it outlined specific steps necessary to implement a secure development lifecycle. Rather than alluding to industry best practices, we would like to see PCI mandate specific activities, such as architectural risk assessment, static source code analysis during development, security testing with specific measures of breadth and depth, and application-aware security defences applied to deployed applications.'