The ultimate unanswerable question: Are we PCI-compliant?

Evan Schuman | Oct. 13, 2016
When you most need to be able to say that you are PCI-compliant is when it's taken away

Most PCI vendors - and I say "most" because I am trying to be charitable - treat PCI as though it can be managed.

Let me be clear. As far as I can tell, what Tenable is offering is quite valuable and is arguably one of the most robust security packages out there today. It will almost certainly help merchants keep their QSAs happy, since it will flag common areas where merchants get into security trouble. Indeed, it even tries to address cloud computing and mobile problems by watching network ingress and egress. That way, if someone is touching payment card data and downloading it to some device, it's tracked.

But it can't track PCI compliance - which is a human-dictated state - any more than it can declare a system "secure." A system can be made more secure than it was an hour ago, but no system can ever be considered entirely secure. The same goes for PCI compliance. It's frustrating, but true.

Source: Computerworld US 

 
