
HIGH PROFILE DATA BREACHES SIGNIFY IMPORTANCE OF PUTTING SECURITY AHEAD OF COMPLIANCE


By Richard Hibbert, CEO, SureCloud

In recent weeks there have been a number of data breach stories here in the UK and in North America. UK travel insurance provider Staysure revealed that around 93,000 customers may be affected after sensitive bank card details were thought to have been stolen as a result of an IT security breach. At the end of January the US arts and crafts retailer Michaels revealed it was the latest retailer to investigate a possible credit card leak. Other breaches occurred at Neiman Marcus and Target, where it is thought that personal data for as many as 110 million customers was leaked.

The IT Governance website claims it is clear that, in Staysure’s case, the organisation was not PCI DSS compliant at the time of the breach, because PCI DSS does not allow sensitive authentication data to be stored after authorisation. A key issue to bear in mind is that PCI DSS compliance requires only a single compliance assessment each year. The assessment merely represents a snapshot in time: a valid judgment made at a single point during a twelve-month period, not a guarantee of compliance the following day. There is plenty of evidence to show that many data breaches occur some time after a successful PCI DSS audit.

Unfortunately, many compliance solutions on the market today are expensive, take a long time to implement and require organisations to completely overhaul their in-house processes. For this reason many organisations are making do with home-grown, spreadsheet-based systems to manage compliance programmes such as PCI DSS. Yet a spreadsheet-based approach has many shortcomings, including a lack of central visibility of or control over the compliance process, the burdening of skilled compliance and risk personnel with manual process administration, and insufficient insight into trends and anomalies to support business decisions. In many cases it’s all about the pursuit of compliance for compliance’s sake instead of making security the first priority. Data breaches such as those mentioned above highlight that organisations in the 21st century need something better than spreadsheets for managing their security processes.

SureCloud advocates a continuous approach to information security in which the primary focus is improving the security of an organisation’s infrastructure and applications rather than completing a “tick box” compliance exercise. A continuous approach to compliance puts controls, rather than an annual audit, at the centre of the compliance programme: control activity is performed and monitored throughout the calendar year. This approach provides real-time visibility of the organisation’s compliance status – the net effect being more merchants incorporating PCI DSS compliance into their business-as-usual (BAU) practices and, importantly, improving their security posture.
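To make the contrast between an annual snapshot and a continuously evaluated control concrete, here is an added example (not SureCloud's code, and not from the original article) that checks the PCI DSS rule cited above, namely that sensitive authentication data must not be retained after authorisation, against a constructed set of transaction records. The record layout, field names and dates are assumptions for illustration; the same check run once at the audit date passes, while re-running it weekly catches the later violations.

```python
"""Continuous control check for the PCI DSS rule cited above: sensitive
authentication data (SAD: CVV2/CVC2, full track data, PIN blocks) must not
be stored once a transaction has been authorised. All records below are
constructed sample data, not from any real system."""
from datetime import datetime, timedelta

# Constructed records shaped like a merchant's transaction store (assumed layout).
# Only records whose auth_status is "authorised" are in scope for the rule;
# SAD may exist transiently while a transaction is still pending.
SAMPLE_RECORDS = [
    {"id": 1, "stored_at": "2014-01-05", "auth_status": "authorised",
     "cvv2": None, "track2": None},
    {"id": 2, "stored_at": "2014-01-10", "auth_status": "pending",
     "cvv2": "123", "track2": None},          # pre-auth: out of scope
    {"id": 3, "stored_at": "2014-02-20", "auth_status": "authorised",
     "cvv2": "456", "track2": None},          # violation, stored after the audit
    {"id": 4, "stored_at": "2014-03-01", "auth_status": "authorised",
     "cvv2": None, "track2": "4111111111111111=2512101123400001"},  # violation
]
SAD_FIELDS = ("cvv2", "track2", "pin_block")
DATE_FMT = "%Y-%m-%d"

def sad_violations(records, as_of):
    """Ids of authorised records that still hold SAD as of the given date."""
    cutoff = datetime.strptime(as_of, DATE_FMT)
    return [r["id"] for r in records
            if datetime.strptime(r["stored_at"], DATE_FMT) <= cutoff
            and r["auth_status"] == "authorised"
            and any(r.get(f) for f in SAD_FIELDS)]

def control_status(records, as_of):
    """Point-in-time verdict, i.e. what a single annual assessment records."""
    return "PASS" if not sad_violations(records, as_of) else "FAIL"

def first_failure(records, start, end, step_days=7):
    """Re-evaluate the control every `step_days` between start and end and
    return the first date on which it fails, or None if it never does."""
    day = datetime.strptime(start, DATE_FMT)
    stop = datetime.strptime(end, DATE_FMT)
    while day <= stop:
        as_of = day.strftime(DATE_FMT)
        if control_status(records, as_of) == "FAIL":
            return as_of
        day += timedelta(days=step_days)
    return None

if __name__ == "__main__":
    print("audit snapshot 2014-01-31:", control_status(SAMPLE_RECORDS, "2014-01-31"))
    print("first weekly-check failure:",
          first_failure(SAMPLE_RECORDS, "2014-01-31", "2014-03-31"))
```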

About SureCloud®:

SureCloud helps to automate any IT Governance, Risk and Compliance (GRC) process, such as Compliance Audits, Policy Management, Risk Assessments or Third Party Assurance programmes. The SureCloud® Platform supports an agile approach to implementation and per user pricing, dramatically reducing the total cost of ownership. Established in 2006, SureCloud is a British company based in Reading, Berks, with more than 300 customers throughout the UK from the Retail, Financial Services and Government sectors, including a large number of local authorities. For further information please visit www.surecloud.com.
