May News Round-Up: The Latest PCI Data Security Standard Update, and New Info on Data Breaches
Published May 20, 2016 by Rob Ellis
PCI compliance is important for all companies accepting or processing card payments. The PCI Security Standards Council introduced a new version of its data security standard, version 3.2, at the end of April. There is a phase-in (sunrise) period for use of the new version. Customers currently undergoing or scheduled to undergo a PCI audit can use the old 3.1 standard until October of 2016. Customers scheduling an audit after October will have to use the new 3.2 framework.
The transition to the new framework can be made easier with a GRC tool to help you identify the changed requirements and map your existing security controls to meet the new objectives.
You can find more details on version 3.2 of the PCI Data Security Standard, including key changes, in the following press release:
Verizon recently released its annual Data Breaches Investigations Report that shares findings and trends on the digital threat landscape based on data from thousands of organizations. The report makes it abundantly clear that data breaches continue to be common, and pose a risk to organizations regardless of size, location, industry, and level of investment in information security.
One way to more effectively manage your risk is to make sure you get the most for your investment. Simplify your compliance/infosec risk management by removing duplication and redundancy, and help your employees make the most of their time with a tool that can help them automate and visualize.
The following article discusses some key findings from the report:
As discussed in the Verizon story above, data breaches continue to be common. In healthcare they can impact much more than just your bottom line. As IT in healthcare becomes increasingly common, the impact of data breaches and malicious activity becomes more dire. Recent examples include ransomware at hospitals which locked users out of patient records and medical systems, making it impossible for the hospital to fulfill its mission—which could lead to loss of life.
The following article further dives into the costs incurred from data breaches in the healthcare industry: