Page 9 - Cyber Warnings
P. 9
Card Payment Merchants are mandated to comply with the Payment Card Industry Data
Security Standard, or PCI DSS, which outlines a series of 12 requirements for the operation of
cyber security controls.
These include vulnerability management, secure application design and testing, data encryption
and breach detection technology, such as file integrity monitoring and event log analysis.
What are the key action points for Information Security teams in the banking sector?
In common with the PCI DSS, layered security best practices are needed to defend effectively
against the entire range of insider threats, malware and phishing.
Systems must be hardened to reduce the ‘attack surface’ presented by systems, and this must
be underpinned by regimented patching with tight change control to better highlight the smoking
gun of a breach - unexpected system changes.
Internal segmentation of networked systems will help compartmentalize any malware infiltration.
And because no system can ever be truly 100% secure, breach detection is critical.
Seems that when it comes to security, as with most other things in life, history tells us
everything we need to know.
About the Author
Mark Kedgley is Chief Technical Officer at New Net Technologies
(NNT) where he is responsible for driving ongoing product
development; his primary objective being to continually push
NNT’s data security and compliance solutions to protect their
customers’ sensitive data against security threats and network
breaches in the most efficient and cost effective manner, whilst
being easier to use than anything else out there in the market.
Mark has been CTO at NNT since 2009, and has over 20 years’ experience in IT business
development and sales. Mark combines a visionary yet pragmatic approach to IT: combining not
just the ability to analyse business issues and scope technological solutions to address needs,
but to also deliver product that is both fit-for-purpose and future-proof.
9 Cyber Warnings E-Magazine – June 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
