IT Governance Blog on IT governance, risk management, compliance and information security.

Becoming compliant to the Payment Card Industry (PCI) Standard can help businesses protect their customer’s data, win new business and protect their brand. But did you know it can also help protect you from litigation in the event of a cyber breach?

In 2010 laws were passed in Washington State, Minnesota, Nevada and Massachusetts which stated that businesses are not liable for unauthorized access to credit card information they stored if they were PCI compliant. Similar laws are expected to be rolled out across States in the near future.

The quickest way to become compliant is by using the PCI DSS Compliance Toolkit.

This toolkit contains all the templates, tools and policies you need to conduct your own PCI compliance project quickly and cost-effectively. It contains all the documents you need and essential guidance on how to achieve compliance.

Until Friday this toolkit comes with a free PCI Staff e-Learning Course. Staff training is essential in the correct handling of sensitive data and meeting the requirements of the PCI Standard.

Order this toolkit and get started on your road to compliance today >>>

CEOs should be checking their bank statements. If they do this, they will notice that it is costing them over £600 per annum to be non-compliant with the Payment Card Industry Data Security Standard (PCI DSS). There is a huge misunderstanding, that PCI DSS compliance is expensive. What actually costs organisations a lot of money is to be non-compliant.

Failure to comply with the PCI DSS will result in heavy fines, restrictions or even permanent expulsion from payment card acceptance programmes. Organisations, which are unable to meet their security obligations, risk becoming vulnerable to data breaches.

The Solution …

Organisations can do a few things in order to remove the risk of their website being hacked by criminals using stolen card details. More importantly, these things don’t cost a fortune – some bespoke PCI DSS-compliance resources like an introductory book, a documentation toolkit and an annual scanning contract – as well as a little bit of work – can save them the monthly cost and protect them from data loss. It is a security investment with a year one return of 150%.

With this toolkit you can protect your brand and simplify the process of becoming PCI compliant.

Buy this toolkit today and get the ICT Strategy Toolkit FREE!
Only available until the end of February!

Organisations should not just see compliance to such standards as the Payment Card Industry (PCI) and Data Protection Act (DPA) as ways to combat cyber crime. PCI and DPA compliance can, and should, be used as a business driver.

By achieving compliance you demonstrate to stakeholders, potential clients and customers that you take data protection and payment card security seriously. These are the kind of assurances that all modern businesses need to offer to win new contracts, new suppliers and new customers. Indeed, you should be winning new business based on the fact you are compliant.

All UK organisations must comply with the DPA, whilst all card processing organisations must also comply with the PCI. If you are not compliant with these standards, you could be losing out on business. The quickest way to achieving PCI & DPA compliance is by using a documentation toolkit, because the documentation is the most difficult part of the process.

These toolkits contain all the tools, templates and guidance you need to quickly become compliant. For a limited time they also include essential pocket guides to each standards set of requirements.

Ensure you stay ahead of your competition and become PCI & DPA compliant >>>

Compliance by Design: IT Controls that Work will show you how to:

• implement changes that will improve your processes;
• allay fears and overcome resistance from your stakeholders;
• integrate controls into your everyday processes;
• achieve synergy from interconnected processes;
• assess your priorities and handle conflicting objectives;
• analyse and manage risks;
• and, establish a system of controls that is right for your business.

This book will arm you with the tools and techniques you need to put in place the right system of IT controls in order to develop an effective and sustainable IT compliance strategy.

Order Compliance by Design today >>>

The pressure on organizations to maintain security and comply with regulatory requirements has never been more prevalent. With an increase in security and the number of hacking attacks rising, it is vital that organisations establish and put in place the correct controls.

IT controls will enable the secure processing, availability, confidentiality and integrity of data, which in turn, will aid organisations in achieving their compliance obligations.

‘Compliance by Design: IT Controls that work’ will show you how your organisation and benefit from becoming compliant with the relevant national and international standards. It will show you how integrating controls into your processes will improve your security, increase your productivity, save you time and money, and increase your profits.

Compliance by Design: IT Controls that Work will show you how to:

• Implement changes that will improve your processes
• Allay fears and overcome resistance from your stakeholders
• Integrate controls into your everyday processes
• Achieve synergy from interconnected processes
• Assess your priorities and handle conflicting objectives
• Analyse and manage risks
• And, establish a system of controls that is right for your business.

This book will arm you with the tools and techniques you need to put in place the right system of IT controls in order to develop an effective and sustainable IT compliance strategy.

Order Compliance By Design today >>>

Learn about PCI DSS in one weekend with PCI DSS A Pocket Guide, for only £8.95!

Consisting of just 45 pages, this handy book provides a complete overview of the Payment Card Industry Data Security Standard V2.0.

Written in non-technical language, this easy-to-read pocket guide will teach you:

• Who needs to be PCI compliant
• Consequences of a breach
• How to comply with the standard
• PCI self-assessment questionnaire (SAQ) – including the new SAQ C-VT
• Procedures and Qualifications
• Overview of the Payment Application Data Security Standard

Learn about PCI DSS in one weekend with this comprehensive pocket guide >>

Learn about PCI DSS in one weekend with this comprehensive pocket guide >>

More to explore:

Last week the Amazon owned Zappos shopping website admitted it has been hacked. Zappos asked customers to change their passwords and warned that some personal information might have been exposed in the attack.

Zapphos are PCI compliant and all their transactions are authenticated and encrypted using SSL. This raises the question of how the attack occurred and how a joined up approach of cyber defences and staff training is required to combat data breaches.

Alan Calder, CEO of IT Governance USA, says, “Companies should regularly educate employees about data breaches risks. This is the only way to minimise the insider threat, which is probably the reason for over 50% of data breaches. Staff should be aware not to install any unauthorised software which may be disguised as malware. They shouldn’t be opening emails from unknown sources or be sharing their passwords with others.”

Our PCI DSS Online Staff Awareness course is a cost-effective way of delivering essential training.

The PCI DSS Online Staff Awareness course from IT Governance will increase employees’ awareness of the PCI DSS requirements, and will provide clear and simple explanations of what companies and individual employees must do to meet the requirements of the PCI DSS (v2.0) standard.

“Positive, aware and well trained members of staff are a key part of ensuring that you fully comply with the PCI DSS standard and protect the crucial intellectual assets of your organization, namely your confidential information, relationships and reputation.” Alan Calder.

Order the PCI Online Staff Awareness Course Today >>>