Want to avoid a breach? Become PCI compliant

Organizations that are compliant with the Payment Card Industry Data Security Standard (PCI DSS) are statistically less likely to suffer a data breach than those organizations that are not compliant.

The 2011 PCI DSS Compliance Trends Study by Imperva and Ponemon Institute reported that 64% of PCI DSS compliant organizations suffered no data breaches involving payment card data over a two-year period. This is compared to just 38% of non-compliant companies who reported no card-related incidents over the same period.

Amichai Shulman, co-founder and CTO of Imperva said that “Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don’t – period.”

The PCI DSS is one of the most effective data security regulations available to help organizations in their data security posture. Whilst it is not required by federal law in America, some states do refer to the PCI DSS directly, or make equivalent provisions.

Visa’s Chief Enterprise Risk Officer, Ellen Richey, stated that “no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach.”

For further information, PCI DSS: A Pocket Guide provides a quick overview for those new to the standard, whilst the PCI DSS v3.0 Documentation Toolkit provides all the pre-written, compliant documentation templates to make your project straightforward.

The small print

Of course, we can’t just say that becoming PCI compliant will stop you from suffering a data breach, because it won’t. Yes – it will improve the likelihood of you avoiding a breach involving sensitive payment card information, but it will not protect your other sensitive corporate information from being breached.

The PCI DSS does not, however, protect your top secret business model, next year’s product launches, your staff’s payroll, customer accounts or any other confidential information your business retains on its systems.

ISO27001 is recognised as the world’s only cyber security standard and will help protect your confidential information. Aligning your Information Security Management System (ISMS) to this standard will greatly strengthen your cyber security levels across all your sensitive information, reducing the chance of a data breach.

A copy of the ISO27001 standard is available here and we also have a range of books and documentation toolkits to help further your knowledge and provide support when implementing the standard.

The short and sweet of it all

To put it simply:

If you store, process or transmit payment card information whilst keeping other confidential information on your systems, seek PCI compliance and align your ISMS to ISO27001

If you don’t deal with payment card information but store other types of confidential data, then you should align your ISMS to ISO27001.

Get in touch with IT Governance

IT Governance is recognized throughout America as a leader in providing businesses with customizable cyber security solutions. Whether you’re looking for a ‘Do-It-Yourself’ approach or you’d like our experienced consultants to come and make your business cyber secure for you, we have the resources. Call us today on 1-877-317-3454 or email servicecentre@itgovernanceusa.com to see how we can help you.