PCI DSS 4.0: How to Comply With New Security Requirements
Verizon Payment Security Report Authors Discuss Security Gaps, Key Strategies
Earlier this year, the PCI Security Standards Council issued version 4.0 of the PCI Data Security Standard, or PCI DSS. How can organizations comply with the new standards?
Information Security Media Group asked two experts from Verizon, Ferdinand Delos Santos and Rokon Zaman, to discuss the new regulatory requirements and Verizon's 2022 "Business Payment Security Report: Preparing to navigate PCI DSS v4.0," which highlights the key steps needed to comply with the latest regulations.
Continuous monitoring has always been a requirement of PCI DSS, but the new version places more emphasis on it, says Santos, senior manager of Verizon's Asia-Pacific security PS leadership team. "The whole bottom line is that you cannot do the minimum," Santos says. "You have to make compliance an ongoing activity instead of being a one-off."
Zaman, senior manager of security assurance for Verizon in Australia, says that organizations need to establish KPIs for tracking performance. "Effectiveness or performance of security activity must be measured and reported to ensure security activities are performed on an ongoing basis, implementing a continuous improvement process to ensure issues are collected," he says.
Santos advises organizations to avoid a siloed approach and consider the many interdependencies of processes across the enterprise during implementation. Instead of simply complying with a new requirement, he says, "We should attach it to a particular security management goal that elevates the risk management posture and security management posture of the organization."
In this video interview with Information Security Media Group, these two experts discuss:
- Highlights of Verizon's payment security report;
- The security control gaps in the payment industry and how the latest version of PCI DSS can address them;
- Key strategies for implementing the new PCI DSS requirements across the organization.
Santos serves on Verizon's leadership team for security consulting in Singapore and the Asia-Pacific region. He is an experienced business leader in both IT and information security.
Zaman serves in Verizon's security assurance professional services advisory practice in Australia. He has more than 12 years of experience in cybersecurity advisory and assessment services across the financial services, commercial and public sectors.