Content

SC eConference and Expo: PCI Compliance keynote speaker shares advice

There's much controversy surrounding the Payment Card Industry Data Security Standard (DSS) mandates these days. With huge breaches of private data, like that experienced by Heartland Payment Systems (which potentially could have affected some 100 million credit cards), some are wondering just how effective PCI requirements are. Ask many experts, however, and they'll say that being compliant with PCI DSS doesn't mean your company's infrastructure is secure.

We recently talked to Steve Peltzman, CIO of the Museum of Modern Art (MoMA) in New York, who is keynoting Tuesday's SC eConference and Expo: PCI Compliance, to find out his thoughts on PCI.

SC Magazine: What is the one area of PCI compliance that you and your peers seem to have had the most trouble with?

Steve Peltzman: I've yet to talk to anyone who has a firm handle on what precisely PCI means to their organization, how exactly it should be approached, and how much effort should be put towards it. It's still something we're all figuring out for ourselves, not to mention how to communicate its impact to the rest of the company or institution. At a time when budgets have never been tighter and security never tougher, no one wants to handle PCI too lightly or go overboard with it.

SC: As a professional whose company is affected by PCI mandates, in what ways do you think the PCI Security Standards Council could improve the requirements and/or guidance?

Peltzman: I think PCI needs a marketing plan, frankly. IT and non-IT executives alike need to know exactly where the single source for PCI DSS information is. At companies and institutions all over the country, IT executives are trying to explain PCI to their management and the message is certainly not consistent, and sometimes might not even be right. The PCI Council needs to help us get that word out correctly and effectively to maximize its effect.

SC: Given how far MoMA has come in continually coming into line with PCI, what would be your top piece of advice that you'd give to others who are still trying to get compliant?

Peltzman: Like anything else in IT, you need solid executive backing to succeed with PCI. Technology executives can't hope to succeed if they're the only ones who understand it and care about it. In lieu of the PCI Council marketing it to your company's executives, carry that flag yourself and make sure everyone knows what it is, why it came about, and why it's as much of an opportunity for your company as it is a challenge.

To learn more ins and outs of PCI Compliance from Peltzman and other experts, register for free for the SC eConference and Expo: PCI Compliance, which is set for Tuesday from 9 a.m. to 6 p.m. EST. Just click here. There you'll find a complete agenda and other information about the day's online event.

 

 

 

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.