
Version 2 On The Cards For PCI Compliance

LogRhythm : 28 October, 2010  (Technical Article)
Taking feedback from merchants and service providers, the PCI SSC is now working on PCI DSS guidelines at Version 2.0
Hot on the heels of last month's PCI compliance deadline for level one merchants, the standard is set to make the news again this week as version 2.0 is confirmed. The revised standard will reflect accumulated feedback that the PCI Security Standards Council (PCI SSC) has received from merchants and stakeholders regarding the need for increased clarity and improved flexibility. The anticipated effective date is Saturday 1 January 2011.

LogRhythm, a log management and regulatory compliance specialist, is welcoming the clarified guidelines which should aid the many organisations that have still not met the PCI SSC's previous recommendations. In March 2010, a survey by Redshift Research revealed that just eleven percent of UK organisations were PCI DSS compliant.

"Some of the anticipated changes by the PCI SSC can't come too soon," said Ross Brewer, VP and MD of international markets at LogRhythm. "Reports show high rates of non-compliance, a fact often viewed as a reflection of the lack of clarity which has negatively affected the standard in the past. Guidance on Virtualisation and the alignment between PCI DSS and the Payment Application Data Security Standard will also be welcome, while the evolving requirement for centralised logging of payment transactions is a definite plus."

Complaints about the clarity of PCI DSS are not new and are part of a bigger compliance headache that many companies must now deal with. LogRhythm argues that, because compliance with multiple standards is now so commonly required, taking a siloed approach to each is both inefficient and ineffective.

"Too many organisations view compliance as a one-time only requirement, instead of an ongoing process that can actually aid wider business operations," said Brewer. "For example, companies that heed the PCI SSC's recommendation to continuously log and monitor their networks will also find that they are able to gain deep insight into their IT systems, particularly how data is stored, accessed and used. By capturing a complete picture of all the activity occurring across their entire infrastructures, organisations can detect any unauthorised event, regardless of whether it is related to credit card security, and can also pinpoint inefficiencies in their IT operations."

LogRhythm believes that all organisations should look towards automated, centralised and fully integrated log management solutions to provide a unified view of business-wide IT activity. When combined with technologies like Security Information and Event Management (SIEM) and File Integrity Monitoring (FIM), an integrated log management platform provides the core functionality needed to effectively read and use the mass of data that all organisations now produce.

On Tuesday 2 November Ross Brewer and Eric Knight, senior knowledge engineer at LogRhythm, will co-host a webinar to discuss the release of PCI DSS version 2.0, the impact it will have on IT security and audit, and recommended strategies and actions to prepare for new mandates.
