If PCI DSS Compliance Isn’t a Daily Requirement, It Should Be
When something is checked annually, it’s easy to procrastinate and clean house within a short time before inspection. Take taxes, for example. How many people scramble in the last few weeks — or even days — before taxes are due as opposed to organizing their paperwork daily throughout the year?
Bob Russo, general manager of the PCI Security Standards Council, is ready to change all that when it comes to IT security. At the annual RSA conference, Russo proposed setting up a security standards lifecycle, so that organizations always remain compliant as opposed to merely becoming compliant around their annual check-in date.
Tripwire spoke with Russo directly about his initiative, during which he highlighted a few regular practices organizations should embrace to stay compliant on a regular basis:
- Measuring and monitoring
- Utilizing data leak prevention methodologies
- Getting rid of data you don’t need (Russo’s motto: “If you don’t need it, don’t store it”)
- Replacing default passwords
- Utilizing technologies to cut attack surface such as point-to-point encryption and tokenization.
Watch the video of Russo’s interview with Tripwire below.