Data Security Firms Ally to Promote StandardsBy Brian Prince | Posted 2007-01-30 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The Payment Card Industry Security Vendor Alliance seeks to raise awareness about compliance requirements.
Eight leading data security companies have joined forces to create an organization to educate the business community on the value of global security standards that protect credit and debit card numbers.
The newly formed Payment Card Industry Security Vendor Alliance will assist the PCI Security Standards Councilan organization composed of merchants, banks and point-of-sale vendorsin educating the business community on the requirements and business value of the Payment Card Industry Data Security Standard.
The data security standarda series of rules commonly called the "digital dozen"sets requirements for security management, network architecture, software design and other critical protective measures.
Each of the founding members of PCI SVAConfigureSoft, Cyber-Ark, Modulo Security, Proginet, Protegrity USA, Reflex Security, SafeNet and Verisignwill provide flexible PCI Data Security Standard solutions to address the needs of system integrators and business users.
"Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," said Jon Oltsik, senior analyst at Enterprise Strategy Group, in a statement.
"These standards impose compliance rules that enterprises handling credit or debit card data must resolve from business and technology perspectives. The PCI SVA is a valuable component in addressing this issue holistically."
Members of the Alliance said they plan to create a series of case studies, seminars and white papers to show both the value of the PCI DSS requirements as well as how organizations can comply with the standards efficiently and on-budget.
David Taylor, vice president of data security strategies at Protegrity, said there is often confusion among businesses as to what kinds of security controls are required.
"Standards are a moving target," Taylor said, noting that a new set of rules, PCI DSS Version 1.1, was released in September. "They can change."
"We have a very good relationship with the PCI Security Standards Council," he said. "We want to try to help merchants determine their roadmap from wherever they are now to becoming compliant."