PCI DSS 4.0 Requirements – Protect from Malicious Software and Maintain Secure Systems and Software
We often hear how a company was compromised by a sophisticated attack. This characterization contains all the romantic thrill of a spy movie, but it is usually not how companies are victimized. Most breaches happen as a result of malware entering the environment. The need to protect against malware is addressed in progressive degrees in Requirement 5 of the new 4.0 version of the Payment Card Industry Data Security Standard (PCI DSS).
Ian Thornton-Trump, who has experience in both military intelligence and corporate environments, sees profound impacts from the new requirement. Requirement 5 is titled: “Protect All Systems and Networks from Malicious Software.” This requirement flows along the same path as the previous version of the Standard; however, the PCI Security Standards Council (SSC) also anticipates that attackers are going to move to more targeted, as well as automated, methods. This requires a similarly targeted and automated response to protect organizations.