If you’re getting stressed about the new PCI compliance requirements that have yet to be announced, don’t worry: there is a way you can prepare, said Branden R. Williams (@BrandenWilliams), co-author of “PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance” (along with Dr. Anton Chuvakin), in our conversation at the 2013 RSA Conference in San Francisco.
Here are Williams’ tips on how you can get ahead of the game and be ready for the new PCI requirements:
Good foundational security plans: Whether it’s based on ISO 27000 or something similar, a solid security program is going to get you 90 to 95 percent of the way to PCI compliance.
Build a solid foundation around cloud and mobile: The guidance in these two areas is pretty weak, so as you’re heading down those roads think about the fundamentals of PCI so you won’t get smacked in the head with a requirement you weren’t ready for.
Consider outsourcing: Given the amount of money you spend to maintain those compliance programs, you might just want to make them somebody else’s problem. So as not to create a new PCI compliance headache for yourself, just follow your contracts.
Watch out for tertiary projects becoming mainstream business: Many of these side projects, such as mobile sales, start out as marketing projects. Now these little projects have become so successful that they’ve become core to how the business operates. Because of where they originated, they may not have gone through the same series of IT processes and controls. It’s time to send them through the wringer.