Employing PCI Compliance Programs as a Springboard for Enterprise Security and Business Enablement, presented at SOURCE Boston 2009

by Ward Spangenburg

Tags: Security Business Compliance

Summary: During this economic hardship, many organizations are buckling down and tightening their budgets. Unfortunately, this often means that organizations are reducing their proactive security spending, which puts them and their customers at risk. However, because legislative and industry requirements for protecting sensitive data have become more stringent, compliance demands are on the rise. Companies are forced to continue spending money on PCI services to achieve and maintain compliance in order to prevent data loss, litigation, financial liabilities, and government intervention, and to avoid tarnishing the brand and the company's reputation.
Departmental goals, while competing for resources, are not divergent in their overall purpose or in the value they place on protecting the company's key institutional assets. This presentation will explore strategies that embattled security departments can use to leverage resources dedicated to PCI DSS initiatives to address broader security risks.
The Payment Card Industry Data Security Standard (PCI DSS) is gaining acceptance as a broad set of good security practices that can be used as a baseline for an overall organizational security framework and program. While the specific focus of the PCI DSS is on credit card information, the breadth of the standard covers key areas of operational IT that need to be considered for a strong security stance; and efforts to achieve and maintain compliance with the PCI DSS can be extended to align with more wide-reaching enterprise risk management goals. In order to maintain PCI DSS compliance, it is imperative that companies invest in a comprehensive and overarching information security program.
To supplement this argument, the presentation will also compare the cost associated with vulnerabilities, exposures, and breaches to the cost of security services for several industries. This data enables security managers to easily quantify for their C-level executives the value of security with regard to total savings and ROI.