Wireless PCI scanning debate

June 20th, 2009

Interesting post on CWNP back in March. 

Douglas Haider compares the pros and cons of quarterly wireless vulnerability scanning vs. a full-time wireless IPS to satisfy PCI DSS compliance requirement 11.1. Douglas writes:

“This requirement begs me to ask which is “better” option? Quarterly manual scans or a wireless IDS/IPS?

Maybe it’s the former IT auditor in me, but I think the best way to meet this requirement is by deploying a wireless IDS/IPS.”

http://www.cwnp.com/community/articles/wireless_requirements_of_the_payment_card_industry.html

I agree: if the goal of PCI is securing cardholder data, then quarterly scanning can’t be taken seriously. Cost is obviously the biggest issue for merchants with multiple locations. But surely a hosted wireless scanning service with a low monthly fee would be cheaper AND provide round-the-clock security, wouldn’t it?

Hmmm… see my post AirTight on “Cloud Nine”.

Mike Baglietto | Best practices, Compliance, PCI, Wireless scanning, Wireless security