INBOX
Data Security
Data Security is a topic that is near and dear to my heart. I did a presentation for SEEMUG ( Southeast Erwin Modelers Users Group) a few years back where to topic was data as an asset to be protected and the case study I used was TJX (TJ Max and their subsidiaries) This link http://www.networkworld.com/columnists/2007/012207-bradner.html is an good primer article about the event. The author, Scott Bradner, of Network World gives a cursory explanation of the PCI (Payment Card Industry) security standards. The main point in the article is that there were 3 parties that share responsibility for a breach that is believed to have compromised over 40 million credit card numbers at an estimated cost of 7.2 billion dollars in damages. The author believes that the thieves of commission were the actual people that breached TJX’s non-compliant network and stole the numbers. But, he believe that there is also equal blame for the extremely lax network and data security employed by TJX and the lax enforcement by Fifth Third Bank, TJX’s acquiring bank. The acquiring back is the back that secures the funds for TJX from the credit card transaction and is the entity, according to the PCI standard, that is responsible for insuring compliance. Since the breach in 2006, most large companies have taken many extra precautions to insure that all PCI specification are met. At the company I work for, twice a year, I review all data warehouse databases to insure that there is no sensitive data stored in any of the reporting databases.
No comments:
Post a Comment