Compliance standards such as the Payment Card Industry (PCI) Data Security Standard have sought to mandate that certain security measures be taken to ensure data protection. 2 Yet, the latest exposure of millions of credit and debit card numbers by Hannaford Bros., a grocery chain with 271 locations in New England and Florida, shows that the value of PCI compliance may not mean much when it comes to securing computer networks. 3 Approximately 4.2 million credit card numbers were exposed, and the fraud cases associated with this breach have reached 1 800 thus far. Even a bank as large as France's SociΓ©tΓ© GΓ©nΓ©rale, with presumed security controls in place to prevent such an occurrence, allowed a rogue trader to lose $7 billion through fraudulent trading. 4 Although these examples illustrate a wide variety of security issues, the solution is not going to come from new security products. In the manufacturing industry, Motorola developed a set of practices known as Six Sigma,
It's the software, stupid
Ed Ray, information risk strategist, Getronics
According to the 2005 US Federal Bureau of Investigation (FBI) Computer
Crime Survey 1 (see Figure 1), 98% of enterprises in the United States deploy antivirus software on their systems and 91% also use perimeter firewalls. The survey also indicated that 84% of enterprises were attacked by worms or viruses, and 79% experienced spyware penetration. These statistics show that attacks persist despite employing the best protection measures.