The PCI Security Standards Council (SSC), an open global forum for the development of payment card security standards, has published a security awareness programme.
Developed by a PCI Special Interest Group, the guide aims to help organisations improve company-wide information security awareness and provides recommendations for educating staff on how to protect sensitive payment information and handle it securely.
The guide, known as Best Practices For Implementing Security Awareness Programme, follows reports of breaches that suggest employees need a better understanding of security in order to identify, protect against and mitigate data compromises.
“Whether it’s POODLE, Shellshock or the latest variant of malware, businesses and employees are exposed to threats every day that can put sensitive information at risk,” claimed PCI SSC CTO Troy Leach.
“PCI Standards emphasise the importance of people, process and technology when it comes to protecting payment information.
“This guidance can help businesses focus on the ‘people’ part of the equation and build a greater culture of security awareness and vigilance across their organisations,” he added.
Best Practices was developed with the help of retailers, banks and technology providers and is intended to help organisations of all sizes, budgets and industries.
It provides detailed recommendations for developing, implementing and maintaining a security awareness programme that supports PCI DSS requirements and meets an organisation's particular business needs.
The three key areas the programme focuses on are assembling a security awareness team, developing appropriate security awareness content for an organisation and creating a security awareness checklist.
The guidance also includes two appendices for organisations to reference in their efforts to achieve compliance: a sample mapping of PCI DSS Requirements to different roles, materials and metrics, and a sample checklist for recording how a security awareness programme is being managed.