Michael Rasmussen, President of Corporate Integrity; David Wallace, Group Manager of Security Compliance at CHASE Paymentech
The Payment Card Industry Data Security Standard (PCI DSS) provides data protection requirements for organizations that process card payments. These requirements have even been adopted as law by some US states (e.g., Minnesota, Nevada, Washington). While organizations that fully comply with PCI DSS are considered compliant credit-card processors, compliance and security are not one and the same. An organization can be breached without cardholder data being compromised, but there are other valuable items in the company's possession - customer PII, strategic information, patents and innovations, as well as reputation and trust - that can be equally or more costly to lose.
What is the difference between compliance and security? And how can organizations effectively think more broadly about risk and security, in a way that drives an approach to PCI DSS compliance and beyond, to ensure the security and control of all their critical information? In this IT GRC Forum webinar, Michael Rasmussen of Corporate Integrity and Dave Wallace from Chase Paymentech will examine:
1. How the threat landscape is indeed dynamic, but the effective system exploits remain the same as in the late 90s.
2. Why the COMPLIANCE environment hasn't changed much - the same threats are still valid, and the same vulnerabilities are still being exploited.
3. How developing and implementing an effective risk and security program can serve as a catalyst for achieving multiple forms of compliance - including PCI DSS.
4. Critical elements to achieving effective and efficient security that addresses PCI DSS compliance.