

In one of the most comprehensive PCI-related surveys, we found some very interesting results. Cisco commissioned a survey of 500 U.S. companies, asking IT decision makers about their PCI compliance efforts. The survey covered a broad range of verticals including healthcare, retail, education, government and finance. Over 22% of the companies surveyed had more than 10,000 employees, and 49% had more than 1,000 employees. Over 43% of respondents were Level 1 or Level 2 merchants. In addition, the sample included only businesses with 100 or more employees. With this type of sample, the results should give a good picture of how most PCI in-scope businesses view PCI compliance. Below are the results I found most interesting, and in some cases quite surprising.

85% of respondents said they feel comfortable that their current network infrastructure would pass a PCI audit if it were done right now. This is a strikingly high number, and it surprised me. This indicates that those responsible for compliance at these companies feel not only that they can pass an audit once a year, but also that they have the processes in place to maintain their security posture so they can pass a spot-check PCI audit. This result differs significantly from what I would have predicted it to be. But when we dig in deeper, we see that 60% of those surveyed have never had to pass a PCI audit done by a Qualified Security Assessor (QSA). Instead, they have been doing a self-assessment questionnaire audit. Very interesting.

70% said that becoming PCI compliant has made their company more secure. 15% said that they already did what PCI recommended and 10% said PCI does not make them more secure. Additionally, 67% said that they will be increasing spending for PCI compliance in the next year, with only 1% saying their spending will decrease dramatically. I found it very interesting that these numbers between making them more secure and increased spending for next year lined up so nicely. It was also a surprise that 10% of folks thought that PCI did not make them more secure. How that can be true I'm scratching my head on.

Only 13% of those surveyed said that their general sentiment regarding PCI was negative in nature. With all of the grumbling about PCI I've heard over the years, this is not only surprising but great news. It means that most agree that, yeah, it's a burden, but it's worth doing.

Only 14% said they were not versed in the new PCI 2.0 standard changes. This is unexpectedly high and also great news. I think it speaks to the excellent marketing and education that the PCI council and the PCI community have done around PCI 2.0.

There are of course many other questions and results in the Cisco PCI survey, so be sure to check it out for yourself here: http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/ns625/cisco_industry_pci_compliance.pdf If you have any PCI or survey questions please post them


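More from Jamey Heary: Credit card fraud: How thieves steal your credit card info without you knowing; Google Nexus One vs. top 10 phone security requirements; Why you should always shred your boarding pass; Video rental records are afforded more privacy protection than your online data; The truth about the new SSL attack; Best IT security urban legends of 2009; Jamey's blog. See more articles about security.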


Copyright © 2011 IDG Communications, Inc.
