Secerno: Secerno issues warning about light weight PCI Standard update; Perimeter application firewall requirement leaves customer data vulnerable to growing insider threat, claims database security expert
[June 23, 2008]

(M2 PressWIRE Via Acquire Media NewsEdge)

London -- Secerno, a global technology leader in data security, today
issued a warning to retailers and consumers alike regarding section 6.6
of the PCI standard that takes effect on June 30th. The measures that
the update requires - either installing firewalls around
Internet-facing applications or having all customer application code
reviewed for common vulnerabilities - are undoubtedly a useful step
that advances any security strategy. However, Secerno argues that, with
its perimeter focus, the section fails completely to provide any safety
provisions against the rising and detrimental threat of insider
breaches and theft of data. The insider threat covers everything from
employees who have financial or other motives to obtain and sell data
through to criminals who infiltrate an organisation with the sole
intention of stealing information.

Retailers, which have seen consumer confidence eroded by a series of
well-publicised breaches, are viewing PCI as a means to win back trust
and alleviate fears of having consumer data stored internally. However,
in the face of increasing insider threats, the PCI Requirement 6.6 and
the overall standard remain ineffective for security. Even as a
prescription for external attack prevention, PCI falls short - allowing
cyber-criminals access to data that they can immediately use. The
Hannaford breach is a perfect example of data being targeted and stolen
specifically for fraudulent means. By the time the breach was realised,
4.2 million credit cards had been compromised, despite the supermarket
chain being fully PCI compliant.

Secerno is calling on the retail industry to do the following:

* Mandate more stringent controls at the database itself, to actually
achieve what PCI intends - protect stored credit card and other
consumer financial data

* Mandate a universal definition of a data breach that works to the
consumer's benefit. The definitions and reporting requirements for data
loss vary widely and many times the consumer learns about the breach
months after its occurrence

* Do not fall victim to believing in only one type of threat - and that
it is external. Internal threats are on the rise, and the PCI standard
does not take private networks into account

"The PCI Data Security Standard has the best intentions, but as is the
case with many compliance directives, it barely addresses the most
immediate and upcoming threats to consumer data," said Paul Davie,
Founder of Secerno. "PCI was historically written for ecommerce rather
than general retailers where breaches have actually been taking place.
It is generally inadequate for addressing the sort of internal threat
that can be exploited easily, such as by general or privileged users.
The standard says nothing about any malware other than viruses, it says
nothing about encrypting internal data, it says nothing about
protecting data on private networks and it says nothing about securing
the database. Unfortunately, the internal threat is PCI's blind spot."

About Secerno

Award-winning Secerno provides the world's most advanced, comprehensive
and intelligent database security solution. Secerno.SQL protects data
at the point at which it is accessed and delivers the highest levels of
protection against internal and external threats, optimises compliance
auditing and delivers the ability to improve the security of
applications.

CONTACT: Mital Joshi / Pete Hendrick, Rocket PR, for Secerno
Tel: +44 (0)845 370 7024
e-mail: mital / pete@rocketcomms.net
Emma Dunstone, Marketing Director, Secerno
Tel: +44 (0)845 450 9460
e-mail: emma.dunstone@secerno.com
WWW: http://www.secerno.com

((M2 Communications Ltd disclaims all liability for information
provided within M2 PressWIRE. Data supplied by named party/parties.
Further information on M2 PressWIRE can be obtained at
http://www.presswire.net on the world wide web. Inquiries to
info@m2.com)).

Copyright © 2008 M2 Communications Ltd.
