SC Magazine has an interesting piece on PCI compliance (Section 6.6), in which the author maps it against the US Air Force's response to web breaches.

From SC Magazine:

In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force, and stole 33,000 records. As data breaches go — judged by numbers alone — this is a drop in the bucket. But judging by extent of loss, the breach was expansive. The hackers stole the names, career information, birth dates, social security numbers, marital status, number of children and academic records of 33,000 Air Force Officers. Three years later, no one knows where the data went.

In June of this year, Section 6.6 of the PCI Data Security Standards (DSS) becomes mandatory. Online merchants that process credit card payments must either conduct a code review for their applications or install an application-layer firewall. The standard offers a choice, but there really isn’t any choice at all.

Read on.

Article Link
