PCI Compliance — More Than Just a Tick Box Exercise?
“Compliance” is sometimes considered a dirty word in the information security world, particularly when companies take a “tick box” or “check box” approach to achieving it before an audit instead of treating continuous compliance as a part of business as usual. Infosec expert and ‘cynic’ Javvad Malik interviews Neira Jones (@NeiraJones on Twitter), Head of Payment Security at Barclaycard, during Infosecurity Europe conference. Ms. Jones believes that compliance should be a natural byproduct of good risk management and information security practice. Watch this video to find out why she believes that the PCI DSS Standard is the best set of data security controls currently available.
More coverage on this information security event including interviews on risk management, compliance, incident detection and the evolving role of the CISO can be found on this Infosecurity Europe playlist.
Last year I worked with industry experts to identify where compliance and data protection overlap. This is also an interesting webcast on the transition from compliance to security: making PCI earn its keep.
Hasta pronto,
Checklist image via Shutterstock
Tags: Infosecurity Europe, IT Security and Data Protection, PCI, PCI DSS, Regulatory Compliance, Risk management
Categories: IT Security and Data Protection, PCI, Regulatory Compliance, Risk Management
This post was written by…
