Main Header logo  
Search:
Username: 
Password: 
Become a Member 
Home 
Contact Us 
Ask An Expert 
Agent Zone Benchmarking Customer Relations Management Human Resources Outsourcing Performance Quality Technology Telecommunications Training Workforce Management


 
Industry Awards

Industry Certification

For Your Center

Conferences & Events

Editorial Features

Forums

Tools & Utilities


 
Companies Should Take Holistic Approach To New PCI E-commerce Standards

United Kingdom - July 15, 2008 - Global Secure Systems (GSS), a security reseller and systems integrator, has warned companies of the need to be aware of Section 6.6 of the PCI standard - which mandates the use of Web application code reviews or the installation of an application-level firewall.


According to David Hobson, GSS' managing director: "The new requirements of the Payment Card Industry s6.6 standards should not, however, be treated as a rubber-stamp approval system for e-commerce security, but should be included in a company's overall IT security plans. The topic of information security, has to be approached holistically."

"Understanding what organisational assets require protection, what risks (i.e. the consequence of loss) relate to those assets and what the correct risk treatment decisions are in respect of those risks is critical in defining a security strategy," he said.

"On top of this, if organisations are going to slavishly follow standards like PCI in 'tick-box' fashion, they may achieve compliance, but they are almost certainly not going to be fully secure against fraud," he added.

Hobson says "Organisations need to be able to answer the 'what' (what are we trying to achieve?) and the 'how'(how should be trying to achieve it?) questions before any further steps are taken."

"If organisations are unable to answer these two simple questions, then they run the risk of spending large amounts of money meeting the PCI s6.6 standards requirements, for very little improvement in their actual IT security posture," he said, adding that "Technology should be the last consideration in any security program. Security is not something that companies can simply buy, but is something that you embed in your organizational culture."

"No amount of point solutions, be they firewalls, database security tools or code reviews are going to deliver 'security' unless your organisation understands what its control objectives are and gets its executives to buy into the process of meeting those objectives. Only then should the company consider that the relevant controls should be," he explained.


More Editorial from Global Secure Systems (GSS)
WiFi Users Urged To Step Up Security As Russia Firm Releases New Software

Date Published: Tuesday, July 15, 2008
Printer Friendly Version  Printer friendly version
 Recommend to a friend
 Bookmark & Share













LATEST MEMBERS

Over 119,976 Members in the contact center, help desk, CRM industry
View members' directory


















-Back To Top-

| Request Information from CRM & Contact Center Suppliers | About ContactCenterWorld |
| Advertise CRM & Contact Center Solutions | Link to this site |
| Submit CRM and Contact Center Content | Contact Us | Privacy Policy |
| Recommend this site to other CRM & Contact Center Professionals | Disclaimer |

©ContactCenterWorld.com 1999-2010
The Global Support Organization For Contact Center Professionals & the place for information on:
Contact Center Management, Contact Center Message Boards, Contact Center Software, Contact Center Trends, Contact Management, Cost per Call, CRM, Customer Interaction Management (CIM), Customer Measurement, Customer Satisfaction, Dialers, Disaster Recovery, Do Not Call (DNC), e-Learning, E-mail, e-support, Erlang, First Call Resolution