IT Security & Network Security News & Reviews: PCI DSS Spending to Rise as Businesses Buy In: Survey
PCI DSS Spending to Rise Businesses Buy In: Survey
by Brian Prince
Underscoring the findings from Verizon, the data from the Cisco-sponsored survey showed that 70 percent of the respondents felt their organization was more secure than it would be if PCI compliance was not required. In addition, 87 percent believe PCI requirements are necessary for protection cardholder information.
Spending to Rise
About 67 percent of those surveyed think their spending on PCI compliance will increase this year, something researchers say indicates positive executive and board buy-in. In addition, when asked if PCI-compliance projects can drive other network or network-security projects, 60 percent of respondents said yes.
How Money is Spent
Organizations are adopting technologies ahead of PCI-compliance directives. For example, 60 percent of the respondents were using point-to-point encryption to simplify their compliance efforts.
Betting on Virtualization
About 57 percent were satisfied with their current virtual-security posture, while 36 percent believe they need to increase the number of virtual-security appliances such as firewalls and intrusion-prevention systems to meet the requirements of PCI 2.0.
When asked about specific challenges to PCI DSS, 43 percent said educating employees on properly handling cardholder data was a problem, making it the most highly recognized challenge identified.Slide Six: Tracking and Monitoring DifficultiesTEXT: Of the 12 PCI requirements, tracking and monitoring access to network resources and cardholder data was mentioned by 37 percent as causing the most compliance issues. Thirty-two percent cited developing and maintaining secure systems and applications, while 30 percent said protecting stored cardholder data.
Tracking and Monitoring Difficulties
Of the 12 PCI requirements, tracking and monitoring access to network resources and cardholder data was mentioned by 37 percent as causing the most compliance issues. Thirty-two percent cited developing and maintaining secure systems and applications, while 30 percent said protecting stored cardholder data.
About 85 percent believed they would pass an assessment at the time of the survey, and 78 percent passed their previous initial assessment.
PCI 2.0 Awareness
More than 85 percent of respondents said they are aware of the clarifications and recommendations in the updated PCI DSS 2.0 standards.