PCI-DSS (Payment Card Industry Data Security Standard) is considered one of the “standards” for security within the business world. The requirements outlined by the standard encourage security staff to evaluate their own systems properly, and the implications of not passing help to encourage potentially unwilling executives to invest in security. Because of this, the regulatory framework provided by PCI-DSS is used as a basis for many organizations’ security policies.
But an often overlooked portion of a secure organization – one that is difficult to “build” into a regulatory framework – is education. Education is a broad topic, and one that we at Pwnie feel is particularly important. Though education about security is important unto itself, there is an unfortunate lack of real, public information about how regulatory frameworks are actually implemented on the ground. The Payment Card Industry itself understands the need for documentation helping organizations to move in the direction of compliance; they released a summary of changes from PCI 2.0 to PCI 3.0, a helpful document for overworked security professionals and smaller organizations that do not necessarily have the luxury of having a dedicated compliance officer.
Pwnie Express is excited to announce that we want to contribute to compliance education, starting with our November 13 webinar on PCI-DSS and Remote Sites. Click here to register.