http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208
By Tracy Kitten
Bank Info Security
November 8, 2013
Security experts say they're pleased with many of the changes and additions in
this year's update to the Payment Card Industry's Data Security Standard and
the Application Data Security Standard. But they also note some glaring
omissions and express concern that neither standard has much enforcement action
behind it.
What they like about version 3.0 of the two standards, the first update since
2010, is the greater emphasis on third-party and payments processing risks and
more stringent security requirements for payment application developers. What
they don't like, however, is the update's lack of security requirements for
mobile payments and specific strategies for governance of ongoing risk
assessments and compliance enforcement.
The new version of the two standards were issued Nov. 7, but they don't take
effect until January and they won't be enforced until 2015 (see PCI Update:
Focus on Third-Party Risks).
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
