ATLANTA & LONDON--(EON: Enhanced Online News)--Payment security and compliance solution provider ControlScan, Inc., and security testing, QSA, PA-QSA and consulting firm 2-sec, Ltd., jointly announced today that they will present their proposal for a 2014 Special Interest Group (SIG) at the North American and European Payment Card Industry (PCI) Community Meetings this fall. The proposed SIG would be responsible for developing guidance, including an “Incident Response Plan Toolkit,” to help merchants reduce response-related costs and recovery time following a data breach event.
Since 2011, the PCI Security Standards Council has invited members of its community to preside over SIG projects that enhance the value of the PCI Data Security Standard (DSS). The 2014 SIG proposal submitted by ControlScan and 2-sec is designed to help merchants develop an effective incident response plan (IRP) in accordance with PCI DSS Requirement 12.9. The Ponemon 2013 Cost of Data Breach Study found that U.S.-based companies with an incident response plan in place prior to a breach event paid as much as $42 less per breached record than companies without an IRP.
“A well-rounded IRP enables the merchant to act quickly and appropriately should they suspect that a data breach has occurred,” said Steve Robb, senior vice president of products and services, ControlScan. “All organizations, from the large enterprise to the ‘mom-and-pop’ shop, can greatly benefit from an easy-to-use toolkit for putting this type of plan together.”
Members of the proposed "IRP Toolkit" SIG would create a compilation of instructions, recommendations, templates, checklists and quick links intended to help merchants easily assemble a plan of action conforming to their unique business and operating conditions. According to ControlScan and 2-sec, small and mid-sized businesses (SMBs) would benefit most from incident planning and response guidance because these organizations are typically in a reactive state when it comes to data security. Limited technical knowledge and tight budgets can make SMBs an easy target for data thieves as they seek out and exploit the paths of least resistance.
“Incident response planning is not just about being able to execute a plan should a mission-critical data breach occur; it’s about putting procedures in place to manage security incidents at any level and feeding them back into the information security lifecycle on a daily basis,” said Tim Holman, founder and CEO, 2-sec. “Organizations that do not learn from incidents will inevitably fall behind and will not be able to evolve or improve the rest of their security controls and move to a business-as-usual security culture.”
ControlScan’s Robb will give a live presentation of the IRP toolkit SIG proposal at the PCI SSC North American Community Meeting, Sept. 24-26 in Las Vegas, while 2-sec’s Holman will present at the European Community Meeting, Oct. 29-31 in Nice, France. Voting on the 2014 SIG proposals will take place via an online election in November. For more information about ControlScan and 2-sec, and their respective solutions, please visit ControlScan.com and 2-sec.com.
About ControlScan, Inc.
Headquartered in Atlanta, Georgia, ControlScan delivers secure payment solutions to a global network of merchant service providers and the small businesses they serve. The company’s innovative approach to secure hosted payment and PCI compliance solutions leverages technology, education and services to provide flexible options for its customers. Known for its thought leadership, ControlScan gives its customers a clear view of marketplace issues and trends so they can remain competitive. For more information, please visit ControlScan.com or call +1 678-279-2640 (toll-free: 1-800-825-3301).
About 2-sec, Ltd.
Based in London, UK, 2-sec provides a specialist range of security testing and consultancy services. The company ethos is to employ the best, deliver the best and never to oversell or promote services that clients simply do not need, or cannot support. 2-sec have assisted a number of clients in the finance, insurance, retail, health, service provider and hospitality sectors, from small and medium enterprises to FTSE-100 companies, and specialise in risk reduction and data loss prevention, through the implementation of risk, security and compliance initiatives. 2-sec’s ongoing mission is to deliver cost-effective, honest and independent advice, through superior quality and consultant-led services. For more information, visit www.2-sec.com or call +44 (0) 121 352 6682.