Independent paper puts card-data security requirements in perspective with time- and budget-saving advice on executing an integrated compliance program
A new white paper released by the Truth to Power research community offers rare, hype-free insight into some of the toughest provisions of the Payment Card Industry (PCI) Data Security Standard.
The paper, entitled "PCI: Requirements to Action," combines procedural analysis of compliance requirements with managerial advice for integrating PCI into a comprehensive information risk management program. The paper includes specific recommendations for encryption, network segmentation, log management, and other key information security challenges that continue to thwart merchant compliance.
Elements of "PCI: Requirements to Action":
- Procedural checklist for compliance with each PCI section
- Practical steps for avoiding common misconceptions and pitfalls of PCI compliance
- Guidance on leveraging PCI to improve the overall enterprise information security program
- Must-read references for information security strategy and execution
"The PCI DSS is effectively a security primer," says Cass Brewer, founder of the Truth to Power research community. "It contains the fundamentals of a robust security program, but it lacks a management component and it’s geared towards audit, not implementation. ‘PCI: Requirements to Action’ seeks to fill some of these gaps by providing an insider’s guide to putting PCI’s security controls in place and making them work—efficiently—within the company’s broader information security program."
"PCI: Requirements to Action – Practical Guidance for More Efficient, Effective Compliance" is available for free download at http://www.t2pa.com/pci-research.
Open Research and Information Governance Resources
"PCI: Requirements to Action" embodies Truth to Power’s mission to build a common platform of practical knowledge, research, tools, and advice for information governance, risk management, and compliance.
By approaching practices such as compliance, data management, e-discovery, project management, and performance management in terms of process and information governance, T2P helps organizational leaders find the commonalities and optimization opportunities that span conventional business practices and operational roles.
Other Truth to Power resources include:
- Control and Risk Calculator: an interactive tool for assessing the effectiveness of internal controls and prioritizing IT investments.
- IT Policy Templates Wiki: an open, collaborative repository of customizable policies for information security, data management, change management, and more.
- T2P Rules & Standards Hub: a knowledgebase of more than 100 guidance documents on information security, records management, IT auditing, IT investment management, and more.
- Filtered Technology News Feeds: daily categorized news updates, vetted and filtered for relevance and utility from hundreds of global news sources.
All T2P resources are free, many are collaborative, and each is vetted against hype and bias.
About the Truth to Power Information Governance Research Community
Founded on the principles of knowledge, utility, credibility, and community, Truth to Power, LLC provides critical information resources for humans and machines. T2P’s guiding principles are: 1) To provide genuinely useful, unbiased business research and resources that help businesses reduce operational costs and uncover capital opportunities; 2) To reveal alignment between siloed business disciplines, organizations, frameworks, and practices; and 3) To enable and encourage community members to share practical experience and expertise towards a common good. Membership and resources are free. Be a part of Truth to Power at http://www.t2pa.com/.