PCI Compliance: Implementing Effective PCI Data Security Standards

Security is a PROCESS, Not an Event

Security is not something that can be achieved, and then forgotten about. Contrary to some security vendor's claims and some management hopes, you cannot install some magical device on your network that will make you eternally secure. Security is a process of constantly assessing your risks then working to mitigate them to a reasonable level. These risks are ever-changing, so processes and technology to stop them should be ever-changing as well.

One thing to keep in mind is that you were never 100 percent secure to begin with. Even if you've done everything you can find to secure your systems, an attacker can still find ways in. In fact, it's actually very difficult to prove that you are secure and it's relatively easy to prove that you are insecure. To prove that you are secure you must prove that every possible risk (remember, these are constantly changing) is protected against. To prove insecurity you only have to find one attack vector that isn't fully mitigated against. This could be an attack vector that you have never thought of. It could be one that only one attacker in the whole world knows about, and if that attacker decides to target your company, then despite all you have done he could successfully attack your network. Also, the more complex a system is the harder it is to secure. It is very difficult to have a system that's completely secure that actually does something useful, like...
