IT News from
Enterprise Product Reviews from
Enterprise Software News from
IT Security News from
Enterprise Storage News From
VoIP News from
IT Management Insights from
Business News from
SEARCH

December 22, 2005 (2:34 PM EST)

Consumer Data Security Movement Backburnered By Lawmakers

Page 2 of 3

By Gregg Keizer , TechWeb Technology News

Enterprises have made significantly more progress, Litan argues, if only by boosting their spending on security software like intrusion detection systems and data encryption tools.

""That's the good news,"" Litan said.

The bad? Third-party data brokers remain unregulated, and the credit card industry's PCI (Payment Card Industry) Data Standard is extraordinarily confusing, so much so that come retailers can't figure out if they're in compliance.

The third-party broker issue is important, since the data loss that jump-started concern over security was the fault of broker ChoicePoint, which sold fraudsters tens of thousands of consumers' names, addresses, Social Security numbers, and credit reports in October 2004.

But Litan saved her harshest criticism for the PCI standard, an effort by major credit card companies like MasterCard and Visa to bring companies that accept credit cards into line. Under the PCI standards, companies that accept credit cards must comply with a dozen security requirements, such as encrypting cardholder data as its moved across public networks like the Internet, installing a firewall, and regularly testing security systems.

""It's pretty much Security 101,"" said Litan. ""But it's too confusing. Too many companies still can't get clear answers from the credit card associations whether they're in compliance with PCI or not.""

And a recent incident at Sam's Club, a division of Wal-Mart, showed how PCI seems to be applied unequally, Litan said.

Earlier this month, Sam's Club announced that at least 600 customers who bought gas at its stores between Sept. 21 and Oct. 2 had their credit card data stolen.

Before
Page 2 of 3
Next


   Try TechWeb's RSS Feed!
(Note: The feed delivers stories from TechWeb.com only, not the entire TechWeb Network.)
SECURITY WHITE PAPERS AND REPORTS
Auditing: What You Need to Know
All companies must go through a formal auditing process to ensure they're meeting various compliance demands. In theory, this exercise will help them understand where their security holes are and how to make appropriate improvements. But how do companies ensure their auditors understand specific IT security issues and requirements? We find out.

Using QUALYSGUARD to meet SOX compliance & IT control objectives
As a guideline to achieve SOX compliance, the SEC has mandated that organizations use a recognized internal control framework—specifically the recommendations of the Committee of the Sponsoring Organizations of the Treadway Commission (COSO). This document shows how CobIT provides the actionable framework for compliance with COSO.

Regulatory Compliance and Critical System Protection: The Role of Mission-Critical Power and Cooling in Data Integrity and Availability
This white paper addresses the regulatory compliance issues that impact business continuity planning and how mission-critical power, cooling, and monitoring strategies support business continuity.

Keeping Up Your SOX Compliance - And Turning IT into a High Performer by Improving Change Control
Learn how to sustain ongoing SOX compliance efforts by recognizing & implementing the IT controls that deliver long-term competitive advantages as well as meeting SOX requirements. This paper provides guidance to improve your Sarbanes-Oxley program efforts and highlights key information on Tripwire and to the many ways we can support your efforts.

BIGFIX Presents: Ray Hopewood, the Godfather of Enterprise Security

Free analysis to plan and design deployment of Vista in your enterprise

Unstrung: The worldwide source for analysis of the global wireless economy

Where is your company on the color adoption curve?

Top ten search terms from the TechWeb TechEncyclopedia

Related White Papers

CAREER CENTER
Ready to take that job and shove it?
SEARCH
Function:

Keyword(s):

State:
SPONSOR

RECENT JOB POSTINGS
CAREER NEWS
If you're thinking about establishing yourself in Second Life -- or are wondering whether you should -- we've got five rules that will help your new venture be a success.

The global defense and tech company is seeking tech professionals skilled in Web site development, general software development, database administration, digital manufacturing, SAP/ABAP, complex CAD/CAM and PLM activities.

Advertisement






Specialty Resources

Featured Microsite

Related Links


Microsites

Featured Topic

<A HREF=""http://as.cmpnet.com/event.ng/Type=click&FlightID=98278&AdID=166478&TargetID=447&Segments=475,1411,3108,3448&Targets=447,2625,2878&Values=34,46,51,63,77,87,93,102,140,222,227,398,442,479,1255,1405,1766,1785,1925,2299,2310,2352,2678,2727,3235,3351,4080&RawValues=&Redirect=http://www.bmighty.com"" target=""_top""><IMG SRC=""http://i.cmpnet.com/ads/graphics/as5/tr/blank.gif"" WIDTH=125 HEIGHT=125 BORDER=0></A>

Additional Topics

Crush The Competition

TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.

Techencyclopedia

Get definitions for more than 20,000 IT terms.