Cyber security needs to change
Queen’s University computer security expert David Skillicorn says it’s time for cyber security experts to reform the way they operate in light of the MasterCard and Visa data breach announced on Friday.
“Cyber security is still stuck using a castle model – put a wall around important systems that makes it hard to get in. The problem with this model is that, if someone does get in, they have the run of the systems,” says Dr. Skillicorn, a professor in the Queen's School of Computing. “Modern cyber security needs to start from the premise that bad guys are going to get in, and take steps to make sure that when they do, they still can't do much damage. The PCI DSS Security Standards Council rules for credit-card processing security require intermediaries to take steps to protect customer data. The obvious way to do this would be to encrypt it internally. From the response to this breach, it appears that Global Partners (the card processing company involved with the MasterCard/Visa) did not do this. The industry attitude to the PCI DSS rules seems to be to treat them as the minimal set of boxes to be ticked rather than as guidelines for building secure systems.”
To arrange an interview, please contact communication officers Michael Onesi (office: 613.533.6000 ext. 77513, firstname.lastname@example.org) or Anne Craig (office: 613-533-2877, Anne.Craig@queensu.ca) at Queen’s University News and Media Services Department in Kingston, Ont., Canada.