PCI's Post-Audit Pain Points

Passed your first PCI compliance audit? You've only just begun! Veterans say ongoing challenges with log management, database encryption and upper management buy-in mean the task is never finished

Those who thought their PCI security challenges would be over after the first passing compliance audit say they continue to be dogged by the same problems that caused pain in the beginning.

For Jennifer Atwell, point-of-sale and communication support manager at Apple Gold Group, log management continues to be a pesky nuisance.

"Log management, while necessary, has turned out to be the biggest issue for us," says Atwell, who is based in North Carolina. "Partnering with a good vendor helps, but when you're starting from scratch, it's a big project."

Legacy applications continue to challenge PCI security at Lifestyle Services Group, according to Jim Griffiths, the company's UK-based information security and compliance chief. And at the National Bank of Kuwait, Information Security Officer Imran Minhas continues to be challenged by the task of database encryption.

"Database encryption is turning out to be a huge project in itself," Minhas says. "A place where no cardholder data is encrypted at all, all of a sudden has to encrypt almost every one of its databases. It's a bit hard to get everyone to prioritize this project to everything else. Upper management is good with it, but it comes down to the people who are going to implement the solutions."

But for the vast majority of security pros surveyed by CSOonline in recent weeks, the biggest problem is upper management.

The top brass may be fully supportive during that initial PCI security effort. But once that first audit is complete and the company gets a passing grade, the executives assume the task is done. Instead, security pros have found that the work is never done.

"Everyone, especially senior management, thinks that if we pass a PCI audit then we are safe for a year," says David Glosser, network security administrator for a company in New York City. "There's a perception that PCI-compliant shops are perfect."

The upper management problem

Others polled by CSOonline reported running into the same wall Glosser spoke of. Daniel Blander, a CISM, CISSP and president of Techtonica, says he has seen the problem up close.
