PCI DSS Compliance - A fresh look for your Executive Team
I read a great article today on CIO.com by Dave Taylor, founder of PCI Knowledge Base, which gave a fresh look to Payment Card Industry Data Security Standard (PCI DSS) Compliance.
In his “Guide to Practical PCI Compliance,” Dave provides some great ideas for re-visiting PCI DSS in a way that will resonate with the Executive team.
His first suggestion is, “Connect PCI compliance to fraud and risk management.” It is important to demonstrate that security spending is actually resulting in reduced fraud rates. To do that effectively, the right data needs to be collected.
Second, Dave suggests introducing new sales channels like mobile payment. If consumers can buy products from their cell phones and mobile devices, it will both provide a new revenue stream and open the conversation about securing those payments. As he points out, “Most boards would welcome a tempered presentation on how to effectively secure and integrate the mobile payment process into the business.”
Finally, consider outsourcing. Payment outsourcing will reduce risk and cost, thus reducing the PCI DSS Compliance scope and making it more attractive. A presentation of the pros and cons for this strategy would be, in Dave’s words, “worthy of a trip to the boardroom.”