IT Security & Network Security News & Reviews: PCI DSS Spending to Rise as Businesses Buy In: Survey

 
 
By Brian Prince  |  Posted 2011-01-12
 
 
 

PCI DSS Spending to Rise Businesses Buy In: Survey

by Brian Prince

PCI DSS Spending to Rise Businesses Buy In: Survey

Compliance Matters

Underscoring the findings from Verizon, the data from the Cisco-sponsored survey showed that 70 percent of the respondents felt their organization was more secure than it would be if PCI compliance was not required. In addition, 87 percent believe PCI requirements are necessary for protection cardholder information.

Compliance Matters

Spending to Rise

About 67 percent of those surveyed think their spending on PCI compliance will increase this year, something researchers say indicates positive executive and board buy-in. In addition, when asked if PCI-compliance projects can drive other network or network-security projects, 60 percent of respondents said yes.

Spending to Rise

How Money is Spent

Organizations are adopting technologies ahead of PCI-compliance directives. For example, 60 percent of the respondents were using point-to-point encryption to simplify their compliance efforts.

How Money is Spent

Betting on Virtualization

About 57 percent were satisfied with their current virtual-security posture, while 36 percent believe they need to increase the number of virtual-security appliances such as firewalls and intrusion-prevention systems to meet the requirements of PCI 2.0.

Betting on Virtualization

Educating Employees

When asked about specific challenges to PCI DSS, 43 percent said educating employees on properly handling cardholder data was a problem, making it the most highly recognized challenge identified.Slide Six: Tracking and Monitoring DifficultiesTEXT: Of the 12 PCI requirements, tracking and monitoring access to network resources and cardholder data was mentioned by 37 percent as causing the most compliance issues. Thirty-two percent cited developing and maintaining secure systems and applications, while 30 percent said protecting stored cardholder data.

Educating Employees

Tracking and Monitoring Difficulties

Of the 12 PCI requirements, tracking and monitoring access to network resources and cardholder data was mentioned by 37 percent as causing the most compliance issues. Thirty-two percent cited developing and maintaining secure systems and applications, while 30 percent said protecting stored cardholder data.

Tracking and Monitoring Difficulties

Current Posture

About 85 percent believed they would pass an assessment at the time of the survey, and 78 percent passed their previous initial assessment.

Current Posture

PCI 2.0 Awareness

More than 85 percent of respondents said they are aware of the clarifications and recommendations in the updated PCI DSS 2.0 standards.

PCI 2.0 Awareness

Rocket Fuel