BOSTON -- By obsessing about PCI security compliance and spending money on overly complex and underperforming defenses, companies are ignoring risk management and making themselves a target of state-sponsored cyber villains.
That was one of the main messages delivered by Joshua Corman, research director for enterprise security at The 451 Group, during that firm's 4th Annual Client Performance Conference Wednesday morning.
"Organizations have made PCI DSS and compliance in general the basis of their information security policies," he said. "They're basing security on sloppy logic from Visa and MasterCard and in the process are ignoring some very bad state-sponsored threats. As a community, we have not evolved at all."
He compared PCI DSS to No Child Left Behind, the education reform law championed by former President George W. Bush. The law has been criticized by some who believe it has stifled innovation in education and focused too much on standardized testing.
CSO Online