Archive

Posts Tagged ‘PCI’

AirTight satisfies PCI wireless scanning requirement in under 5 minutes

April 1st, 2010

Wireless PCI Compliance in just 5 Minutes

This new product video from AirTight Networks shows how easy it is to automate your wireless PCI vulnerability scanning. AirTight SpectraGuard Online can be configured and running in as little as 5 minutes and 3 easy steps. AirTight eliminates the need to send staff to remote locations with a mobile analyzer to conduct the routine PCI scan for rogue APs. IT professionals should find this refreshing.

Watch AirTight’s wireless PCI scanning video


Mike Baglietto Compliance, PCI, Wireless scanning, Wireless security

Cost Stifles PCI DSS Compliance, Many Perceive Wireless as Top Threat: New Survey Finds

September 27th, 2009

An interesting survey on PCI DSS compliance was recently published by the Ponemon Institute. There are many interesting findings in the survey, some of which I summarize here.

One thing that strongly comes out is that though PCI DSS compliance is perceived as contributing to an organization’s security posture, cost factors are pestering. 60% of the respondents have said that they do not have sufficient resources to manage PCI DSS compliance even though it seems they are spending one third of their security budget on PCI DSS compliance. Another interesting and equally troubling data point that comes out of the survey is that 71% of respondents say that their organizations do not have data security as an enterprise-level strategic initiative. No wonder TJX type breaches happen!

The data security problem is only going to get harder in the future as new networking technologies evolve, most notably wireless and Web 2.0. In fact, already 38% of respondents in the survey have said that they think the most serious security threats are located in wireless devices. Rightly, PCI DSS has also added a wireless scanning control into the compliance pack.

So it is clear that we need low-overhead enablers for organizations to achieve and maintain PCI DSS compliance. At least for wireless PCI DSS compliance, we at AirTight have developed a hosted wireless scanning solution to make PCI DSS compliance cost effective and effortless. I would like to hear from others what they think are the ways to help organizations achieve compliance without much cost and complexity.

Hemant Chaskar Compliance, PCI

PCI Security Council Clarifies Wireless Security Requirements for PCI DSS Compliance

July 23rd, 2009

Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.

PCI Cardholder Data Environment Wireless Threats

Wireless Threats That Can Compromise PCI DSS Compliance

 The key highlights are:

Read more…

Kaustubh Phanse Compliance, PCI, Wireless security

Unsecured WiFi costs TJX 9.75 million dollars in settlements

June 29th, 2009

About two and a half years after the TJX debacle shook the retail industry, TJX reached a settlement with 41 US states that cost it $9.75 million. This is only part of the cost TJX is paying for ignoring its WiFi security. According to Reuters, the company is said to have set aside a reserve fund of $107 million to cover losses. As a part of the settlement, TJX has agreed to meet “contemporary standards” of data security, which includes upgrading its WiFi security.

This unprecedented security breach and the aftermath have, once again, brought to light the risks from unsecured WiFi networks. The PCI Security Standards Council responded well with new wireless security requirements in version 1.2 of its Data Security Standard (PCI DSS 1.2). The intent is there. Let’s hope that the PCI guidelines get transferred from paper into practice and history does not repeat itself!

Kaustubh Phanse Best practices, Compliance, PCI, Wireless security

Wireless PCI scanning debate

June 20th, 2009

Interesting post on CWNP back in March.

Douglas Haider compares the pros and cons of quarterly wireless vulnerability scanning vs. a full time wireless IPS to satisfy PCI DSS compliance requirement 11.1. Douglas writes:

“This requirement begs me to ask which is “better” option? Quarterly manual scans or a wireless IDS/IPS?

Maybe it’s the former IT auditor in me, but I think the best way to meet this requirement is by deploying a wireless IDS/IPS.”

http://www.cwnp.com/community/articles/wireless_requirements_of_the_payment_card_industry.html

I agree: if the goal of PCI is securing cardholder data, then quarterly scanning can’t be taken seriously. Cost is obviously the biggest issue for merchants with multiple locations. But surely a hosted wireless scanning service with a low monthly fee would be cheaper AND provide round the clock security, wouldn’t it?

Hmmm… see my post AirTight on “Cloud Nine”.

Mike Baglietto Best practices, Compliance, PCI, Wireless scanning, Wireless security

AirTight on “Cloud Nine”

June 20th, 2009

Devin Akin wrote a short post about AirTight SpectraGuard Online on CWNP. He likes our hosted wireless IPS service and seems to think we are on to something! Now how can I argue with the man. http://www.cwnp.com/community/articles/on_cloud_nine.html

Mike Baglietto Compliance, PCI, Wireless scanning, Wireless security