Posted by websiteverification on May 14, 2009
There has been a lot of criticism regarding companies following the PCI DSS as their only form of security. While it is important to have other options for security, following the PCI DSS does work!
There’s nothing wrong with PCI DSS that cannot be cured by following it

I continue to hear comments that PCI DSS doesn’t work and that it should be modified or even eliminated.

I find it interesting that so much fault can be leveled at PCI DSS in light of the facts that Verizon Business puts forth in their 2009 Data Breach Investigations Report. Here are some of their findings after investigating data breaches that compromised 285 million records in 2008 alone:

81% of the victims were not PCI compliant

The last point—81% of the victims were not PCI compliant—speaks volumes about the spirit, intent and effectiveness of PCI DSS … if it is treated as security best practice and followed on a daily basis rather than treating it as a checklist that must be passed annually. Until each of the above percentages changes dramatically, I think PCI DSS should be seen as a good security best practice to follow continuously.