PCI Compliance — More Than Just a Tick Box Exercise?
“Compliance” is sometimes considered a dirty word in the information security world, particularly when companies take a “tick box” or “check box” approach to achieving it before an audit instead of treating continuous compliance as part of business as usual. Infosec expert and “cynic” Javvad Malik interviews Neira Jones (@NeiraJones on Twitter), Head of Payment Security at Barclaycard, during the Infosecurity Europe conference. Ms. Jones believes that compliance should be a natural byproduct of good risk management and information security practice. Watch this video to find out why she believes that the PCI DSS Standard is the best set of data security controls currently available.
More coverage of this information security event, including interviews on risk management, compliance, incident detection and the evolving role of the CISO, can be found on this Infosecurity Europe playlist.
Last year I worked with industry experts to identify where compliance and data protection overlap. This is also an interesting webcast on the transition from compliance to security: making PCI earn its keep.