The Payment Card Industry Data Security Standard (PCI DSS) provides data protection requirements for organizations that process card payments. These requirements have even been adopted as law by some US states (e.g., Minnesota, Nevada, Washington). While organizations that fully comply with PCI DSS are considered compliant credit-card processors, compliance and security are not one in the same.
An organization can be breached without cardholder data being compromised, but there are other valuable items in the companies possession – customer PII, strategic information, patents and innovations, as well as reputation and trust – that can be equally or more costly to lose.
What is the difference between compliance and security? And how can organizations effectively think more broadly about risk and security that drives an approach PCI DSS compliance and beyond to ensure the security and control of all their critical information? In this IT GRC Forum webinar, Michael Rasmussen of Corporate Integrity and Dave Wallace from Chase Paymentech will examine:
- How the threat landscape is indeed dynamic, but the effective system exploits remain the same as in the late 90s.
- Why the COMPLIANCE environment hasn't changed much – the same threats are still valid, and the same vulnerabilities are still being exploited.
- How developing and implementing an effective risk and security program can serve as a catalyst for achieving multiple forms of compliance - including PCI DSS
- Critical elements to achieving effective and efficient security that addresses PCI DSS compliance
Speaker's: Michael Rasmussen, President of Corporate Integrity; Dave Wallace, Chase Paymentech.
Speaker BIO's
Michael Rasmussen is the President of Corporate Integrity, LLC.
He is the authority in understanding Governance, Risk, and Compliance (GRC). He is a sought-after keynote speaker, author, and collaborator on GRC issues around the world and is noted for being the first analyst to define and model the GRC market for technology and professional services. With more than 15 years of experience, Michael's objective is to assist organizations in defining GRC processes that are sustainable, consistent, efficient, and transparent.
David Wallace is the Group Manager of Security Standards Compliance at Chase Paymentech.
With 27 years of experience in the Information Technology (IT) industry and 12years of information security management experience, David Wallace serves as Group Manager for Chase Paymentech's Security Standards Compliance team. In his role, Wallace is responsible for managing data security compliance for Chase Paymentech's merchant portfolio and advising merchants about the Payment Card Industry (PCI) security standards. He is also a frequent speaker at regional, national and international information security conferences including the RSA Conference and Computer Security Institute Conference.
Related Items
PCI Compliance Guidelines - Stay Ahead of the Curve
Tokenization is About More Than PCI Compliance – It's a Strategic Business Decision
