{"title":"Incident response and compliance: A case study of the recent attacks","authors":"Jeff Tutton","doi":"10.1016/j.istr.2011.02.001","DOIUrl":null,"url":null,"abstract":"<div><p>Recent security related events, including attacks have highlighted the need for a complete Information Security strategy, beyond simply focusing on compliance. Compliance is the minimum set of requirements that an organization should use for measuring security. Because compliance standards such as PCI-DSS (Payment Card Industry-Data Security Standard) focus solely upon credit card data, maintaining only to this minimum standard may cause an organization to lose focus on the big picture. What other sensitive and critical data and systems are you responsible for? This article focuses on the following: PCI standard and reasons to not use a “check-box QSA” to obtain more value during the compliance review; the costs of non-compliance and a data breach; and outlines the lessons learned from the recent attacks starting in December 2010.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"15 4","pages":"Pages 145-149"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2011.02.001","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1363412711000124","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 11
Abstract
Recent security related events, including attacks have highlighted the need for a complete Information Security strategy, beyond simply focusing on compliance. Compliance is the minimum set of requirements that an organization should use for measuring security. Because compliance standards such as PCI-DSS (Payment Card Industry-Data Security Standard) focus solely upon credit card data, maintaining only to this minimum standard may cause an organization to lose focus on the big picture. What other sensitive and critical data and systems are you responsible for? This article focuses on the following: PCI standard and reasons to not use a “check-box QSA” to obtain more value during the compliance review; the costs of non-compliance and a data breach; and outlines the lessons learned from the recent attacks starting in December 2010.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
