In truth, compliance-based security rarely provides effective protection against determined attacks. This was clearly the case in the recent breaches of retailers Target, Neiman-Marcus, and Michaels Stores.
Compliance requirements like the Payment Card Industry Data Security Standard (PCI DSS) give the illusion of reasonable security. This is not to say that these requirements do not reduce risk -- they certainly do. They are merely incomplete, because they provide neither the flexibility nor the means to adjust to a company's true security needs. An effective information security program requires a framework that lets a company adjust based upon both the risks it faces and the market vertical it serves.
Read the full story at InformationWeek.
With 30 years of experience in the field of computer technology and information systems, Tom Bowers has served as the chief architect for information security structures and protections in numerous industries. He brings a real-world, pragmatic approach to the business of ...