Retail sector slow in adopting new PCI standards
Posted on 31 October 2013.
Tripwire announced the results of research on risk-based security management in the retail industry, and the news isn't good: the majority of the retail sector is yet to implement to the new PCI standards.

The survey, conducted in April 2013 with the Ponemon Institute, evaluates the attitudes of 1,320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. One hundred sixty-two retail sector respondents from the U.S. and U.K. participated in the retail portion of the survey.

The most recent version of the Payment Card Industry Data Security Standard (PCI DSS 3.0) will soon require businesses to implement and perform penetration testing. In addition, PCI DSS 3.0 will also clarify different methods of secure authentication and session management so businesses can better protect themselves against man-in-the-middle, man-in-the-browser and other similar cyber attack methods.

However, the study revealed that the retail industry hasnít yet implemented these new security requirements.

Key findings include:
  • Only 41 percent of the retail sector uses penetration testing to identify security risks.
  • Only 34 percent of the retail sector measures the reduction in access and authentication violations to assess risk management efforts.
  • Only 44 percent of the retail sector has fully or partially deployed file integrity monitoring.
  • 62 percent of IT professionals in the retail sector say that negative facts about security risks are filtered before being communicated with senior executives.
For more information about this survey, go here.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //