PCI DSS Compliance - 2nd Define your objectives.*
https://www.gwebpro.com/web-analytics/defining-objectives-2/

Highlight what's important

It is important to emphasize: today, cybersecurity management means keeping the cybersecurity objectives (availability, integrity and confidentiality) aligned with those of the business in key areas such as operational, financial, compliance and, most importantly, strategic. These in turn must be aligned with the objectives of PCI DSS, which are:

  • Build and Maintain a Secure Network and Systems.
  • Protect Cardholder Data.
  • Maintain a Vulnerability Management Program.
  • Implement Strong Access Control Measures.
  • Regularly Monitor and Test Networks.
  • Maintain an Information Security Policy.

Managing many goals can become a headache, so the best way to align them is to follow four principles:

  1. Know the business: the mission and vision of the business, financial goals, board priorities and industry trends.
  2. Link with other business areas: for security to be a business enabler, it is essential to establish a proper working relationship with the board and the other managers.
  3. Cybersecurity in the language of business: in order to reach other areas of the company, it is important to translate the technical and precisely defined language of the PCI DSS requirements and objectives into elements related to the business. To achieve this, it is necessary to incorporate strategic information on budget, risks, supply chain, customers, employees, areas of responsibility and how the business works.
  4. Understand that PCI DSS is a goal, an improvement, an investment and a cost: it is a goal because it involves essential business functions, it is an improvement because it helps to maintain a good cybersecurity posture, it is an investment because it reduces the impact of losses by reducing risk, and it is a cost because it must be included in the budget.

Bearing in mind the previous four points, it becomes easy to define the responsibilities of all the areas in the process, to have the support of the other sectors of the company and to secure the necessary budget. It is important to note that the validation and attestation components of the process are carried out by the management area; involving them from the beginning and keeping these four points in mind will speed up the process.

PCI articles:

Part I Compliance.

Part II Beyond the check list.

Part III 1st. Process start.*

Part IV 2nd Define your objectives.


*Based on SC State Treasurer’s Office PCI Data Security Compliance Roadmap.

More articles from EXELL ENRIQUE FRANKLIN JIMÉNEZ, Industrial Cybersecurity Strategies.