News & Commentary

11:53 AM
Tom Bowers
Commentary

Finding The Balance Between Compliance & Security

IT departments can reduce security risk by combining the flexibility of the ISO/IEC 27000 series with the stringent, prescriptive requirements of PCI DSS. Here's how.

In truth, compliance-based security rarely provides effective protection against determined attacks. This was clearly the case in the recent breaches of retailers Target, Neiman-Marcus, and Michaels Stores.

Compliance requirements like the Payment Card Industry Data Security Standard (PCI DSS) give the illusion of reasonable security. This is not to say that these requirements do not reduce risk -- they certainly do. But they are incomplete, because they offer neither the flexibility nor the means to adjust controls to a company's actual security needs. An effective information security program requires a framework that lets a company tune its controls to both the risks it faces and the market vertical it serves.

Read the full story at InformationWeek.

With 30 years of experience in the field of computer technology and information systems, Tom Bowers has served as the chief architect for information security structures and protections in numerous industries. He brings a real-world, pragmatic approach to the business of ...
