LinuxQuestions.org
Old 01-21-2011, 07:50 PM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 127,856

LXer: The Importance of Isolation


Published at LXer:

When it comes to PCI compliance, there's no such thing as "too careful." One of the keys to being careful enough? Isolating and protecting servers that handle cardholder data from the rest of your network. You already know that you need to keep systems holding cardholder data secure and prevent access from outside your network. But there's more to it than that — PCI-compliant systems should be isolated from the rest of the company's systems as well. Businesses have a range of systems and networks, and the access and policies that go with the various systems should reflect their importance and the sensitivity of the data held on the systems.

 
Old 01-21-2011, 08:18 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

The real question is what justification do businesses have in keeping confidential credit card information. They don't need it to do business. I know. I used to accept credit card payments from my customers. Once the information was sent to my credit card service provider I didn't need to know the credit card information, even for recurring payments.

The fact is that most businesses keep confidential information about their customers without any business need to do so. They want to have that information for their benefit, not for their customers' benefit. They can use that information to track customer purchases to be used to create targeted advertising and other frivolous business objectives.

In the many years that I worked in a variety of businesses my experience is that managers don't care about security. Managers don't care about the consequences of security breaches. Managers live each day by the probability that nothing bad will happen on their watch so they don't want to hear about proactive resolution of security weaknesses. I have worked in many businesses as a contract employee so I've met a lot of business managers. I've never met one that had the least interest in the best interest of the business or in the best interest of the business' customers.

Security audits are a joke. I have experienced several of these for institutions such as a mortgage underwriter and a mutual fund company. I can tell you that the people sent from an outside consulting firm to perform the security audit had no idea what they were doing. I could have told them anything and they could not have proved me wrong because they were completely incompetent. All they were interested in was checking boxes next to line items on their list.

Then there is the irresolvable problem of the employee who is authorized to access the sensitive information but one day decides that he hates his job. The authorized employee brings a portable data storage device to work and copies all of the sensitive customer information onto his portable disk. Once that information leaves the building it cannot be retrieved. The belligerent employee posts that information on an IRC chat line and the game is lost.

Merchants should be prohibited by law from keeping credit card information. There should be stiff penalties for the managers of businesses that keep confidential customer information.
 
Old 01-22-2011, 07:35 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Quote:
In the many years that I worked in a variety of businesses my experience is that managers don't care about security. Managers don't care about the consequences of security breaches. Managers live each day by the probability that nothing bad will happen on their watch so they don't want to hear about proactive resolution of security weaknesses. I have worked in many businesses as a contract employee so I've met a lot of business managers. I've never met one that had the least interest in the best interest of the business or in the best interest of the business' customers.
You are sooooooooo right about this. And it isn't just middle managers, it extends all the way up into most C-suites. Why? Because so many of them are paid/evaluated by quarterly results, and security absolutely never figures into that. As long as those quarterly revenue expectations are met, everything is hunky-dory.
 
  

