    PCI-DSS is a work style

    PCI-DSS is one of the most respected compliance requirements in the financial sector; being PCI-DSS compliant is currently one of the major features that products advertise.

    Every financial institution I know is either fully PCI-DSS compliant or working toward compliance. However, obtaining the certificate is not the end of the story. Although PCI-DSS mandates review processes whose frequency depends on the type of control, those reviews alone are not enough to keep an organization concretely compliant.

    In my experience, every single person in the organization should be engaged in the process and must know the controls that apply to his or her own work. This includes all office staff as well as field workers such as drivers and security guards.

    The level of engagement required varies from one member of the organization to another, but there is generic information, and there are guidelines, that everyone should know. People need to be reminded periodically why the controls imposed on their behavior matter; otherwise the controls that stop them from doing specific things will simply demotivate them.

    For PCI-DSS to stay alive in an organization, its awareness programs and internal communication should regularly pick specific controls to emphasize and, where possible, run internal competitions with prizes for the staff members who keep their knowledge of the PCI-DSS controls fresh.

    Without buy-in, people tend to forget the controls and relax in applying them.

    Systems that track people's behavior and monitor their email and network traffic are not the way to get people actively engaged. What works is internal marketing: well-designed communication of the benefits the controls bring to the organization's security and to the people themselves.

    Published on January 6, 2012 · Filed under: Financial and Banking, PCI-DSS