Many organizations leverage regulations and standards to help them define their security and privacy programs, and in doing so, spend time and money creating policies, implementing controls, and monitoring for exceptions. But what happens when the regulation or standard changes?
There's a seemingly constant barrage of change in the law and standards—and even in the supporting management/controls frameworks. Where the company is headquartered, where it does business, where its customers reside, where the customers' data resides, what type of customer data the company holds and interacts with, and what industry sector(s) the company operates in all determine which of these regulations and standards it must adhere to. A change in any of these elements means a re-evaluation of the organization's risk profile and implementation of the mitigating controls.
This probably makes sense to many reading this. But what's missing from this equation? More than you may think.
To uncover the potential impact on business operations, the risk management program, security operations, and ultimately the business's bottom line, Sean Martin has a 1:1 chat with Indiana University Health CISO Mitch Parker. The two look at the v4 PCI-DSS update, currently in development and due for release sometime in the middle of 2021, as the driver for this conversation.
There's a lot to consider—and plan for—when changes occur. Don't get caught with a surprise if you can avoid it. Prepare yourself, your staff, and your peers at the executive level for what's to come.
Guest: Mitch Parker, CISO, Indiana University Health (@mitchparkerciso on Twitter)
Resources
3 blogs related to the pending v4 PCI-DSS standard:
https://blog.pcisecuritystandards.org/pci-dss-looking-ahead-to-version-4.0
https://blog.pcisecuritystandards.org/pci-dss-v4-0-anticipated-timelines-and-latest-updates
https://blog.pcisecuritystandards.org/3-things-to-know-about-pci-dss-v4-0-development
This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships