As breaches continue to happen, the adage of not if but when continues to ring true. The following 9 myths regarding PCI compliance are worth a review as many organizations allocate funds to cybersecurity spending.
Myth 1. PCI compliance is not worth our time as an organization.
As more and more organizations and even the tech industry itself moves toward a risk-based approach, the notion of annual reporting on cybersecurity and technology risk is not far off. PCI DSS requires organizations regularly test security processes and systems. Though this is a challenge, PCI compliance audits may help organizations as they make decisions regarding technology and risk.
Areas to address include:
- Network Security: Non-firewalled connections are a risk, and restrict access to only those who need access.
- Data Storage: this is always a vulnerability when data is stored. Keep data retention to a minimum.
- Application Security: Does one application (Read more…)
*** This is a Security Bloggers Network syndicated blog from Cimcor Blog authored by Jacqueline von Ogden. Read the original post at: https://www.cimcor.com/blog/9-pci-myths-that-can-cost-cios