PCI-DSS Version 4 Is In The Works—What Impact Might It Have On Security Operations And The Business' Bottom Line | A One-On-One With Mitch Parker
Many organizations leverage regulations and standards to help them define their security and privacy programs, and in doing so, spend time and money creating policies, implementing controls, and monitoring for exceptions. But what happens when the regulation or standard changes?
There's a seemingly constant barrage of change in the law and standards—and even in the supporting management/controls frameworks. Where the company is headquartered, where it does business, where its customers reside, where the customers' data resides, what type of customer data the company holds and interacts with, and what industry sector(s) the company operates in all determine which of these regulations and standards it must adhere to. A change in any of these elements means a re-evaluation of the organization's risk profile and of the mitigating controls it has implemented.
This probably makes sense to many reading this. But what's missing from this equation? More than you may think.
To uncover the potential impact on business operations, the risk management program, security operations, and ultimately the business's bottom line, Sean Martin has a 1:1 chat with Indiana University Health CISO Mitch Parker. The two look at the v4 PCI-DSS update, currently in development and due for release sometime in the middle of 2021, as the driver for this conversation.
There's a lot to consider—and plan for—when changes occur. Don't get caught with a surprise if you can avoid it. Prepare yourself, your staff, and your peers at the executive level for what's to come.
3 blogs related to the pending v4 PCI-DSS standard: