The PCI standard holds all businesses that process credit card transactions to a minimum security standard for protecting cardholder data. PCI requires companies to comply with 12 guidelines for protecting and storing data, encrypting data, maintaining security protocols for data access, and establishing strict information security policies. PCI compliant organizations need to assign a unique ID number to every employee who has access to credit card data, and each company must track data access patterns for every employee. It is evident that the PCI standard recognizes that most of the breaches of information security come from the inside, and its requirements address this issue directly, posing a significant challenge for most IT organizations.
The ubiquity of data networks driven by the vast efficiencies in communication and information sharing has given rise to established best practices for external network security. Most network security technologies have been designed for the perimeter, which is an organization’s first line of defense against malicious intrusion while ensuring the safe exchange of data with customers and partners. For the most part, the internal network has been underestimated as an entry point for theft or attack. New approaches to network security must be adopted to eliminate the vulnerability of the internal network.
A new category of holistic network security technology has emerged that blends traditional network security tools that protect the perimeter of the network with network performance technology. The confluence of network security and network performance creates a secure sphere of vigilance from the core of the network to its edge, enabling IT managers to watch for internal breaches of established security protocols at the same time they are monitoring for external infiltration.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.