PCI and Beyond - How to Secure Data in the Most Cost Effective Manner

18 Pages
Posted: 21 Jan 2009

Date Written: January 20, 2009

Abstract

The Payment Card Industry Data Security Standard (PCI DSS) and US state and federal laws encourage and require businesses to encrypt consumers' computerized personal information and payment data. Most state data breach notice laws do not require businesses to notify their customers when customers' digital personal information has been stolen or lost if the information was encrypted.

A motivating factor that prompted many companies to implement data-at-rest encryption was the large amount of negative media attention garnered by stories of lost or stolen data. The type of asset compromised most frequently is online data. An alternative method of analyzing these results is to examine the number of records of sensitive data compromised for each asset. This view leads to the same conclusion. This fact may be surprising to some, given the frequent public reports of massive amounts of data at risk from lost or stolen laptops, back-up tapes, and other media.

Postponing some IT security projects could lead to risky business behaviors. Dealing with a breach is more expensive than preventing one. Regulations are requiring tighter security for more of your business information, and organizations must learn how to protect it. PCI and PII (Personally Identifiable Information) data can be secured in the most cost-effective manner by following the guidance in this article. The case study in this article is about an Enterprise Data Security project that addresses key areas of focus for file and database security, encompassing all major platforms.

Keywords: Database Security, Cost Effective, Encryption, Privacy, VISA CISP, PCI, GLBA, HIPAA, SOX, SB1386

JEL Classification: O31

Suggested Citation

Mattsson, Ulf T., PCI and Beyond - How to Secure Data in the Most Cost Effective Manner (January 20, 2009). Available at SSRN: https://ssrn.com/abstract=1330466 or http://dx.doi.org/10.2139/ssrn.1330466

Ulf T. Mattsson (Contact Author)

Protegrity Corp.

One Cantebury Green
Stamford, CT 06901
United States

HOME PAGE: http://www.ulfmattsson.com

Paper statistics

Downloads: 230
Abstract Views: 1,536
Rank: 260,307