PCI-DSS Version 4 Is In The Works—What Impact Might It Have On Security Operations And The Business' Bottom Line | A One-On-One With Mitch Parker


Manage episode 279032510 series 1535672
By ITSPmagazine Podcast, Marco Ciappelli, and Sean Martin. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Many organizations leverage regulations and standards to help them define their security and privacy programs, and in doing so, spend time and money creating policies, implementing controls, and monitoring for exceptions. But what happens when the regulation or standard changes?

There's a seemingly constant barrage of change in the law and standards—and even in the supporting management/controls frameworks. Depending on where the company is headquartered, where it does business. Also, where its customers reside, where the customers' data resides, what type of customer data the company holds and interacts with—and what industry sector(s) the company operates in. All of this determines which of these regulations and standards they must adhere to. A change in any of these elements means a re-evaluation of the organization's risk profile and implementation of the mitigating controls.

This probably makes sense to many reading this. But what's missing from this equation? More than you may think.

To uncover the potential impact of the business operations, risk management program, security operations, and ultimately the business's bottom line, Sean Martin has a 1:1 chat with Indiana University Health CISO, Mitch Parker. The two look at the v4 PCI-DSS update, currently in development and due to release sometime in the middle of 2021, as the driver for this conversation.

There's a lot to consider—and plan for—when changes occur. Don't get caught with a surprise if you can avoid it. Prepare yourself, your staff, and your peers at the executive level for what's to come.

Mitch Parker, CISO, Indiana University Health (@mitchparkerciso on Twitter)


3 blogs related to the pending v4 PCI-DSS standard:

This Episode’s Sponsors:

Nintex: https://itspm.ag/itspntweb

Imperva: https://itspm.ag/imperva277117988

To see and hear more Redefining Security content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

826 episodes