Ok well I had to write about this at some point because it is constantly on the news and finally seems to be growing more and more awareness in todays society. That is the importance of Network Security and how lightly our government has been taking it for the last 15 years. Not only the governement not taking network security seriously but the private sector takes it even less seriously and they probably have some more vital information that could impact our every day lives.
The govnerment has finally started taking a stand on network security and is making some of the more vital private companies (like the power company) comply with their security standards. But all that aside I am going to focus on the more private companies that hold millions of credit card numbers on their servers and don’t even think about encrypting them or deleting them after they are not longer needed. I am sure everyone has heard of the TJMAX and another big companies computer network being comprimised and if you havn’t I will bring you up to speed.
TJMAX had a network breach and 45.7 credit and debit card numbers were stolen from their systems back in 2007. Now the more amazing one was Barnes and Nobel whos system were not technically breached but spyed in on. They were sending payment information when someone would make a purchase wirelessly to their servers. Well that wireless transmission was intercepted and captured by some people just sitting out side the store. Over the course of a week and quite a few different stores they were able to retreive quite a bit of Credit Card data.
So I have been rambling on about the TJMAX issue to hopfully prove a point and that any network that house sensitive data that could be used for terrorism or to finance terrorism should be held to the very minumum a set of security standards to protect that data.
All of the major Credit Card companies VISA being the main push have developed a PCI DSS (Payment Card Industry Data Security Standards). For more information on PCI DSS check out my other article PCI DSS Just the Beginning. But al new merchants have to be compliant with PCI DSS standards to be able to process credit cards, but existing merchants are under PCI DSS based on the number of transactions that they do a year. It is refreshing to see that the Credit Card companies are taking this issue more seriously than our government was.
I personally was involved in a 3 year half million down project to become PCI compliant with a very small company and I know how much work that was to get down in 3 years and not many companies see the benifit out weighing the cost.
So tell me what you think or if you have any opinion on this subject.