 |
Home
Contact Us
Ask An Expert
Companies Should Take Holistic Approach To New PCI E-commerce Standards United Kingdom - July 15, 2008 - Global Secure Systems (GSS), a security reseller and systems integrator, has warned companies of the need to be aware of Section 6.6 of the PCI standard - which mandates the use of Web application code reviews or the installation of an application-level firewall. 
"Understanding what organisational assets require protection, what risks (i.e. the consequence of loss) relate to those assets and what the correct risk treatment decisions are in respect of those risks is critical in defining a security strategy," he said.
Hobson says "Organisations need to be able to answer the 'what' (what are we trying to achieve?) and the 'how'(how should be trying to achieve it?) questions before any further steps are taken."
"If organisations are unable to answer these two simple questions, then they run the risk of spending large amounts of money meeting the PCI s6.6 standards requirements, for very little improvement in their actual IT security posture," he said, adding that "Technology should be the last consideration in any security program. Security is not something that companies can simply buy, but is something that you embed in your organizational culture."
"No amount of point solutions, be they firewalls, database security tools or code reviews are going to deliver 'security' unless your organisation understands what its control objectives are and gets its executives to buy into the process of meeting those objectives. Only then should the company consider that the relevant controls should be," he explained.
 |
 115,191 Global Members 
 
 |