PCI and Beyond - How to Secure Data in the Most Cost Effective Manner
18 Pages Posted: 21 Jan 2009
Date Written: January 20, 2009
Abstract
The Payment Card Security Industry Data Security Standard (PCI DSS) and US state and federal laws encourage and require businesses to encrypt consumers' computerized personal information and payment data. Most state data breach notice laws do not require businesses to notify their customers when customers' digital personal information has been stolen or lost if the information was encrypted.
A motivating factor that prompted many companies to implement data-at-rest encryption was the large amount of negative media attention garnered by stories of lost or stolen data. The type of asset compromised most frequently is online data. An alternative method of analyzing these results is to examine the number of records of sensitive data compromised for each asset. This view leads to the same conclusion. This fact may be surprising to some, given the frequent public reports of massive amounts of data at risk from lost or stolen laptops, back-up tapes, and other media.
Postponing some IT security projects could lead to risky business behaviors. Dealing with a breach is more expensive than preventing one. Regulations are requiring tighter security for more of your business information, and organizations must learn how to protect their business information. PCI and PII (Personally Identifiable Information) data can be secured in the most cost-effective manner by following the guidance in this article. The case study in this article is about an Enterprise Data Security project that addresses key areas of focus for file and database security encompassing all major platforms.
Keywords: Database Security, Cost Effective, Encryption, Privacy, VISA CISP, PCI, GLBA, HIPAA, SOX, SB1386
JEL Classification: O31