PCI security and compliance requirements are important. Without them, none of this would be possible. Think of a road without lines or traffic signals: no trust, only anarchy and confusion. It’s more than a set of rules needing technology as a resolution; it includes a process discipline that, when combined with technology, can protect a business’s assets.
Further, as new cloud, mobile and emerging platforms arise, care must be taken to ensure that internal and external connections are secure and robust while adhering to company and industry policies. One of the most challenging parts of developing a risk management strategy is the realization that security is not static, meaning a ‘fortress mentality’ isn’t the answer. It’s a constant process that needs consistent attention for all the pieces to work together harmoniously.
Like it or not, as businesses increasingly digitize their payment processes, risk management will be an integral part of how business gets done – giving customers and partners the assurance needed to feel secure with you.
My background with information security goes back to my days at Bell Nexxia at the turn of the century when the twin towers fell on 9/11. At the time I was reselling IBM’s managed data centre, disaster recovery and business continuity services as I considered my Certified Information Systems Security Professional (CISSP) designation. Since then, security has been a mainstay in advising businesses on best practices as they move to digitize their process. Some of the areas include:
- Assessing business risks and exposures;
- Documenting risk and tolerance levels;
- Developing comprehensive strategies to minimize risk exposures;
- Designing a plan of action that fits current and future needs.
If you’d like to discuss this further, feel free to contact us.