United Kingdom - July 15, 2008 - Global Secure Systems (GSS), a security reseller and systems integrator, has warned companies of the need to be aware of Section 6.6 of the PCI standard - which mandates the use of Web application code reviews or the installation of an application-level firewall.

According to David Hobson, GSS' managing director: "The new requirements of the Payment Card Industry s6.6 standards should not, however, be treated as a rubber-stamp approval system for e-commerce security, but should be included in a company's overall IT security plans. The topic of information security, has to be approached holistically."

"Understanding what organisational assets require protection, what risks (i.e. the consequence of loss) relate to those assets and what the correct risk treatment decisions are in respect of those risks is critical in defining a security strategy," he said.

"On top of this, if organisations are going to slavishly follow standards like PCI in 'tick-box' fashion, they may achieve compliance, but they are almost certainly not going to be fully secure against fraud," he added.

Hobson says "Organisations need to be able to answer the 'what' (what are we trying to achieve?) and the 'how'(how should be trying to achieve it?) questions before any further steps are taken."

"If organisations are unable to answer these two simple questions, then they run the risk of spending large amounts of money meeting the PCI s6.6 standards requirements, for very little improvement in their actual IT security posture," he said, adding that "Technology should be the last consideration in any security program. Security is not something that companies can simply buy, but is something that you embed in your organizational culture."

"No amount of point solutions, be they firewalls, database security tools or code reviews are going to deliver 'security' unless your organisation understands what its control objectives are and gets its executives to buy into the process of meeting those objectives. Only then should the company consider that the relevant controls should be," he explained.

Date Posted: Tuesday, July 15, 2008

Printer friendly version

-Back To Top-

| Request Information from CRM & Contact Center Suppliers | About ContactCenterWorld |
| Advertise CRM & Contact Center Solutions | Link to this site |
| Submit CRM and Contact Center Content | Contact Us | Privacy Policy |
| Recommend this site to other CRM & Contact Center Professionals | Disclaimer |

©ContactCenterWorld.com 1999-2009
The Global Support Organization For Contact Center Professionals & the place for information on:
Multimedia Contact Center, Offshore Outsourcing, On Hold, Outsourcing, Predictive Dialers, Quality Monitoring, Recruitment, Self Service, Speech Recognition, Telemarketing, Virtual Contact Center, VoIP, Web Chat, Work at Home, Workforce Management