54% of IT professionals believe that their companies are not entirely clear about the data security requirements of the Payment Card Industry (PCI) Data Security Standard. The standard is due to take effect today (30 June 2005).
The standard applies to companies that process more than 20,000 Visa transactions annually. The results come from a survey by data security firm Protegrity.
A similar level of uncertainty was reported about regulatory requirements such as Sarbanes-Oxley, HIPAA and California SB 1386.
Despite the emphasis these regulations place on data security, 41% of respondents said their companies spend 10% or less of their IT security budgets on data and database security. Not surprisingly, 87% of respondents believed that, given the security solutions currently in place, internal misuse of sensitive data was the biggest threat to their companies.
"This data demonstrates why we're seeing headlines about data thefts," said Gordon Rapkin, CEO of Protegrity. "Many companies are confused about the requirements themselves. Others are overwhelmed by the prospect of putting together a cohesive strategy that encompasses the entire enterprise. And a few are still thinking 'it will never happen to us.'"
California's SB 1386 requires companies to inform consumers of any breach in data security where the sensitive data involved was not encrypted.
The 12 requirements of the PCI standard, adopted by Visa and MasterCard as well as other major credit card companies, range from encrypting the transmission of cardholder data and sensitive information across public networks, to restricting physical access to cardholder data, to maintaining a security policy that addresses data security. Companies that fail to comply with these requirements risk hefty fines as well as the revocation of their right to handle credit card transactions.