Security Management Strategies for the CIOAccess "Robust information security program key to PCI compliance requirements"
This article is part of the May 2011 issue of Comprehensive information security programs vital for PCI compliance
Every day, compliance professionals make determined efforts to satisfy the litany of laws, regulations, and policy mandates that make up the information security world, all while fending off relentless attempts by faceless enemies with limited resources and varying degrees of institutional support. And yet, in this eternal pursuit of the two illusive (if not entirely theoretical) goals of data security and security compliance, there are common mistakes that tend to trip people up. For those that are subject to PCI compliance requirements, at least PCI DSS provides some specific, if not prescriptive, requirements for internal systems and structures. But, it doesn’t provide the framework for a security program. There are practical ways for organizations to build on those technical specifications and focus their efforts on satisfying their compliance mandate, as well as building a robust, comprehensive information security program. One of the most important points to realize is that “compliant” does not mean “secure.” This is often said, but it bears ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Navigating international data privacy laws
by Cynthia O’Donoghue, Katharina A. Weimer and Amy Mushahwar
Companies should revisit streamlined global data operations with an eye toward revamping compliance.
-
Robust information security program key to PCI compliance requirements
by Eric Holmquist
A strong information security program that goes beyond minimum standards will ease compliance.
-
Navigating international data privacy laws
by Cynthia O’Donoghue, Katharina A. Weimer and Amy Mushahwar
-
-
Gaining awareness to prevent social engineering techniques, attacks
by Marcia Savage, Editor
Cybercriminals are using social engineering fueled by social media to attack users and break into companies.
-
Smartphone encryption, authentication ease mobile management
by Robert Westervelt, News Director
New security tools allow companies to extend encryption and authentication to mobile devices.
-
Gaining awareness to prevent social engineering techniques, attacks
by Marcia Savage, Editor
-
Columns
-
Information security professionals and the resource gap
by (ISC)2 Advisory Board of the Americas Executive Writers Bureau
There’s growing demand for information security professionals, but where will these skilled people come from?
-
Information security job titles: Irrelevant to your career
by Lee Kushner and Mike Murray
Remember, potential new security roles are doled out based on experience and accomplishments, not some fancy title.
-
Breaches highlight need for better employee security awareness training
by Marcia Savage, Editor
Companies need to improve their employee security awareness training to fight today’s threats.
-
Information security professionals and the resource gap
by (ISC)2 Advisory Board of the Americas Executive Writers Bureau
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...