Wednesday, July 18, 2018
  • It’s Time To Break-Up The Data Monopolies
  • Blackgear Cyber Espionage Campaign Abuses Blogs, Social Media Posts
  • Silk Road administrator extradited to the US to face trial
  • Access to Applications Based on a « Driving License » Model
  • Remove LanRan v2 Ransomware – Restore .LanRan2.0.5 Files

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Community
    • Security Bloggers Network
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » 3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

by Onyeka Jones on May 20, 2018

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information by strengthening weakened security controls.

For example, PCI 3.2 has provisions for 2-factor authentication, preventing weak passwords and restricting access to cardholder information.

Despite the benefits, compliance with PCI 3.2 is not without its challenges.

Tedious Audits

A lot of time and effort is often required to attain compliance, and as a result, some organizations focus on passing the PCI audit and proving compliance at that point in time. But then over time, configuration changes push the environment out of compliance, making those environments less secure, and increases cybersecurity risk.

The result is that the next time, there is even more effort – time and resources – that needs to be expended to achieve compliance.

Configuration Drift

Even when compliance with PCI DSS is achieved, it is easy to be lulled into a false sense of security, thinking that just being compliant results in a secure environment. This is when systems can “drift” out of compliance, even though at a particular point in time the organization may have undergone third-party penetration testing and vulnerability assessments and passed an audit.

However, the PCI Security Standards Council states “to ensure security controls continue to be properly implemented, PCI DSS should be implemented into BAU (business as usual) activities as part of an entity’s overall security strategy.”

BAU translates into continuous compliance every day.

Technical Skills Gap

Organizations are challenged with complying with PCI 3.2 and mitigating growing cybersecurity risks while grappling with the technical skills gap (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/pci/3-key-challenges-to-being-pci-3-2-compliant-and-how-to-resolve-them/

May 20, 2018May 21, 2018 Onyeka Jones ExpertOps, FIM, PCI
  • ← 5 Common DevOps Transition Mistakes to Avoid
  • The Shared Security Weekly Blaze – Efail Vulnerabilities and PGP Encryption, Facebook’s App Investigation, Nest Password Notifications →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

VPNFilter Attack Hits Chlorine Plant in Ukraine
Cybersecurity Job Seekers: Go West (or South)
We Have the Silver Bullet for BS Detection – CISO/Security Vendor Relationship Podcast
It’s Time to Rethink Privileged Account Management
A primer: How to stay safe on Amazon’s Prime Day Sale
Need for Speed: Optimizing Data Masking Performance and Providing Secure Data for DevOps Users
Google Cloud Server Authentication
Recon for Social Engineering, Par Excellence
No More Paralysis by Analysis: How Security is Evolving to Real-Time Outcomes

Upcoming Webinars

Wed 18

Embrace DevSecOps and Enjoy a Significant Competitive Advantage!

July 18 @ 11:00 am - 12:00 pm
Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Complete Guide on Open Source Security

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | 7 hours ago 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0
Is Vulnerability Management Now Out of Our Control?
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Is Vulnerability Management Now Out of Our Control?

July 6, 2018 Chris Calvert | Jul 06 0

Top Stories

VPNFilter Attack Hits Chlorine Plant in Ukraine
Featured IoT & ICS Security Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

VPNFilter Attack Hits Chlorine Plant in Ukraine

July 16, 2018 Lucian Constantin | 1 day ago 0
Security Boulevard’s 5 Most Read Stories for the Week, July 9-13
CISO Suite Cloud Security Cybersecurity DevOps Featured Malware Most Read This Week News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Security Boulevard’s 5 Most Read Stories for the Week, July 9-13

July 16, 2018 Saleem Padani | 2 days ago 0
CPU Speculative Execution Hits Again with 2 New Spectre Variants
Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

CPU Speculative Execution Hits Again with 2 New Spectre Variants

July 13, 2018 Lucian Constantin | Jul 13 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.