
3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

by Onyeka Jones on May 20, 2018

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customers’ personal and financial credit information by strengthening weakened security controls.

For example, PCI 3.2 has provisions for 2-factor authentication, preventing weak passwords and restricting access to cardholder information.

Despite the benefits, compliance with PCI 3.2 is not without its challenges.

Tedious Audits

A lot of time and effort is often required to attain compliance, and as a result, some organizations focus on passing the PCI audit and proving compliance at that point in time. But then over time, configuration changes push the environment out of compliance, making those environments less secure and increasing cybersecurity risk.

The result is that the next time around, even more effort, in both time and resources, must be expended to achieve compliance.

Configuration Drift

Even when compliance with PCI DSS is achieved, it is easy to be lulled into a false sense of security, thinking that just being compliant results in a secure environment. This is when systems can “drift” out of compliance, even though at a particular point in time the organization may have undergone third-party penetration testing and vulnerability assessments and passed an audit.

However, the PCI Security Standards Council states “to ensure security controls continue to be properly implemented, PCI DSS should be implemented into BAU (business as usual) activities as part of an entity’s overall security strategy.”

BAU translates into continuous compliance every day.

Technical Skills Gap

Organizations are challenged with complying with PCI 3.2 and mitigating growing cybersecurity risks while grappling with the technical skills gap (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/3-key-challenges-to-being-pci-3-2-compliant-and-how-to-resolve-them/

May 20, 2018 / May 21, 2018 / Onyeka Jones / ExpertOps, FIM, PCI