Cyber Security Institute
Wednesday, August 11, 2010
Small And Midsize Businesses Look For Ways To Cut Compliance Costs
According to The 451 Group, an IT security analyst firm, there are nine different security technologies required for PCI compliance alone: antivirus, firewalls, intrusion detection systems, encryption for data at rest, file integrity, log management, multifactor authentication, a Web application firewall (or a security development lifecycle), and a vulnerability management solution. Then there are the services: a qualified security assessor, an approved scanning vendor, and in the case of a breach, the qualified incident response assessor. For small and medium businesses, the costs can be overwhelming, says Joshua Corman, research director for The 451 Group’s security practice.