We often get asked: If an organization has passed its PCI compliance requirements for accepting credit cards, is there really a need for more security and compliance? The answer is yes!
While the PCI architecture and requirements overlap heavily with network security issues, a network security audit is going to take a deeper look into how you utilize the technology you own. Most businesses need to conduct a network security audit at the same time they conduct a PCI audit.
The PCI regulations have gone a long way toward making every business that accepts credit cards more secure; it’s a threat to the payment industry to have unsecured businesses responsible for millions in fraudulent charges.
A good network security audit, carried out at the same time as your PCI audit, typically strikes a balance between security and functionality.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.