Tactical Advice

If PCI DSS Compliance Isn’t a Daily Requirement, It Should Be

Bob Russo, general manager of the PCI Security Standards Council, wants security compliance to be a top priority every day.
If PCI DSS Compliance Isn’t a Daily Requirement, It Should Be

When something is checked annually, it’s easy to procrastinate and clean house within a short time before inspection. Take taxes, for example. How many people scramble in the last few weeks — or even days — before taxes are due as opposed to organizing their paperwork daily throughout the year?

Bob Russo, general manager of the PCI Security Standards Council, is ready to change all that when it comes to IT security. At the annual RSA conference, Russo proposed setting up a security standards lifecycle, so that organizations always remain compliant as opposed to merely becoming compliant around their annual check-in date.

Tripwire spoke with Russo directly about his initiative, during which he highlighted a few regular practices organizations should embrace to stay compliant on a regular basis:

  • Measuring and monitoring
  • Utilizing data leak prevention methodologies
  • Getting rid of data you don’t need (Russo’s motto: “If you don’t need it, don’t store it”)
  • Replacing default passwords
  • Utilizing technologies to cut attack surface such as point-to-point encryption and tokenization.

Watch the video of Russo’s interview with Tripwire below.

For more on Russo’s initiative, read the full post on the Tripwire blog. And for more great content from around the web, check out BizTech's 50 Must-Read IT Blogs.

Sign up for our e-newsletter

About the Author

Ricky Ribeiro

Online Content Manager

Ricky publishes and manages the content on BizTech magazine's web site. He's a writer, technology enthusiast, social media lover and all-around digital guy. You can learn more by following him on Google+ or Twitter:

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.