December 2009 Archives

Securing the network isn't usually what comes to mind when people think of PCI, or PCI DSS (Payment Card Industry Data Security Standard). For businesses that process credit cards, which include retail organizations and a growing number of government, education, and healthcare facilities, complying with PCI means getting rid of credit card numbers after they are processed and encrypting payment data. In reality, if access to an organization's network isn't tightly monitored and controlled, many of the other PCI guidelines are useless. Ensuring the security of the network transactions are processed on is imperative.

First, the basics: The objective of PCI is to implement a worldwide information security standard so that all merchants that accept credit cards would be required to protect cardholder data by complying with a set of universal security standards. Continue Reading...

In my role as CEO of a technology company, I am constantly evaluating the market and working to understand the needs of IT departments and the technology industry as a whole. My company, eTelemetry, makes products that solve a host of IT-related problems, with a focus on security and compliance. 

In conducting market research and talking to IT staff in the field, I am always surprised to see compliance and security officers operating independent of one another. Sure, not all compliance is security compliance, but the two intersect in enough ways to warrant tight collaboration. Not only do data security regulations, such as Payment Card Industry (PCI) Security Standards, require additional network visibility and control, but regulations that may on the surface seem unrelated to IT, such as those involving personnel actions, often require documentation from IT relating to an employee's online activity. Continue Reading...