PCI Requirements to Action: Practical Guidance for More Efficient, Effective Compliance

A More Rational Approach to Card Data Security
The Payment Card Industry Data Security Standard (PCI) is as notable for the guidance it offers as for what it omits. By parsing card data protection into a 12-step program, PCI represents an accessible security checklist—perhaps even a roadmap—for a reasonably complete information security practice.
Yet, because it assumes much of the security- and risk-management context that makes enterprise implementations efficient and effective, PCI leaves many openings for budgetary gaffes and breach events.
The question is not whether PCI can represent effective security (it can), but how to make compliance make sense in the enterprise context. This paper supports the integration of PCI into strategic risk- and security-management programs by providing:
- An analytical perspective on PCI requirements
- Concrete, experience-based advice on how to use PCI as a lever to build and advance the overall organizational security program
- References to useful resources that support an integrated compliance approach
- A translation of PCI assessment requirements into implementable actions
This paper is a Truth to Power original resource, freely available to all registered members of the community. If you are not yet a member, please join now. It's free.
Note: This resource is made possible by the support of Tripwire, Inc. T2P does not charge for research offerings and strictly observes vendor neutrality in all community publications (more about that here). Companies such as Tripwire support this model by underwriting our research efforts in exchange for the contact information of individuals who download the paper. We hope you agree that sharing your contact information is a good-value proposition for substantive guidance. However, if you do not wish us to share your information, do not access this resource.