The Bad Guys Are Outrunning The Good Guys-can Compliance Stop Them?

摘要

Judging by the number of public breaches that we keep hearing about, it looks like the bad guys are far outrunning the good guys. We know it's a big problem because as a company we get called in to sort out the problems most often once the horse has bolted. In June of this year in the US the section 6.6 of the PCI Data Security Standards (DSS) became mandatory - have things changed? It's still too early to tell - and from a UK perspective we are waiting to see whether it makes a change for the better. Online merchants that process credit card payments now either have to conduct a code review for their applications or install an application-layer firewall. The standard offers a choice, but there really isn't any choice at all. If an organization is going to successfully protect its data, it needs to aim for preventing a breach, not passing an audit. This means, first, finding and fixing the vulnerabilities in your software, second, building security into the development process, and third, protecting your applications once they're deployed.