Sunday, July 21, 2019
  • SANS CTI Summit 2019, Katie Nickels’ & Brian Beyer’s ‘ATT&CK™ Your CTI With Lessons Learned From 4 Years In The Trenches’
  • Another Look at Insider Threats
  • Robert M. Lee’s & Jeff Hass’ Little Bobby Comics: ‘Zero Day Noobs’
  • SANS CTI Summit 2019, Matt Bromiley’s ‘BEC Revisited: Dropping By On Our Favorite Prince’
  • SANS CTI Summit 2019, Mitchell Edwards’ ‘Language And Culture In Threat Intelligence’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » 3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

by Onyeka Jones on May 20, 2018

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information by strengthening weakened security controls.

For example, PCI 3.2 has provisions for 2-factor authentication, preventing weak passwords and restricting access to cardholder information.

Despite the benefits, compliance with PCI 3.2 is not without its challenges.

Tedious Audits

A lot of time and effort is often required to attain compliance, and as a result, some organizations focus on passing the PCI audit and proving compliance at that point in time. But then over time, configuration changes push the environment out of compliance, making those environments less secure, and increases cybersecurity risk.

The result is that the next time, there is even more effort – time and resources – that needs to be expended to achieve compliance.

Configuration Drift

Even when compliance with PCI DSS is achieved, it is easy to be lulled into a false sense of security, thinking that just being compliant results in a secure environment. This is when systems can “drift” out of compliance, even though at a particular point in time the organization may have undergone third-party penetration testing and vulnerability assessments and passed an audit.

However, the PCI Security Standards Council states “to ensure security controls continue to be properly implemented, PCI DSS should be implemented into BAU (business as usual) activities as part of an entity’s overall security strategy.”

BAU translates into continuous compliance every day.

Technical Skills Gap

Organizations are challenged with complying with PCI 3.2 and mitigating growing cybersecurity risks while grappling with the technical skills gap (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/3-key-challenges-to-being-pci-3-2-compliant-and-how-to-resolve-them/

May 20, 2018May 21, 2018 Onyeka Jones ExpertOps, FIM, PCI
  • ← 5 Common DevOps Transition Mistakes to Avoid
  • The Shared Security Weekly Blaze – Efail Vulnerabilities and PGP Encryption, Facebook’s App Investigation, Nest Password Notifications →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

The Role of Endpoint Security in Financial Services
DataSpii: ‘Catastrophic’ Browser Data Leak ‘Train Wreck’
Is BlueKeep a Perfect Storm for Health Care?
How Will the EU’s Article 13 Directive Affect Streaming Platforms?
Cannabis Retailers: Don’t Get Caught in the Cyber Weeds
Artificial intelligence in cyber security: The savior or enemy of your business?
NIST 800-63-B: Authentication and Lifecycle Management Guidelines
The Strange Case of the Malicious Favicon
Hackers steal $32 million from Japanese cryptocurrency exchange Bitpoint
Guardians of the Cloud: The Latest Security Findings

Upcoming Webinars

Tue 23

You’re Bleeding. Exposing the Attack Surface in your Supply Chain

July 23 @ 1:00 pm - 2:00 pm
Tue 30

A Practical Approach to Security Automation

July 30 @ 1:00 pm - 2:00 pm
Wed 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm
Wed 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

How Will the EU’s Article 13 Directive Affect Streaming Platforms?
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

How Will the EU’s Article 13 Directive Affect Streaming Platforms?

July 19, 2019 Joseph Chukwube | 2 days ago 0
Is BlueKeep a Perfect Storm for Health Care?
Cybersecurity Industry Spotlight Malware Security Boulevard (Original) Threats & Breaches 

Is BlueKeep a Perfect Storm for Health Care?

July 18, 2019 Safi Oranski | 3 days ago 0
The Role of Endpoint Security in Financial Services
Cybersecurity Endpoint Industry Spotlight Security Boulevard (Original) 

The Role of Endpoint Security in Financial Services

July 17, 2019 Monica Hovsepian | 4 days ago 0

Top Stories

DataSpii: ‘Catastrophic’ Browser Data Leak ‘Train Wreck’
Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Malware Network Security News Security Boulevard (Original) Spotlight 

DataSpii: ‘Catastrophic’ Browser Data Leak ‘Train Wreck’

July 19, 2019 Richi Jennings | 2 days ago 0
Zoom Spying Vulnerability: The Plot Thickens
Application Security Cloud Security Cybersecurity Endpoint Featured News Security Boulevard (Original) Spotlight 

Zoom Spying Vulnerability: The Plot Thickens

July 16, 2019 Richi Jennings | Jul 16 0
Symantec Expands Capabilities of Cloud Gateways
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Symantec Expands Capabilities of Cloud Gateways

July 16, 2019 Michael Vizard | Jul 16 0

Security Humor

via  the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, Expiration Date High Score

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.