Walter Conway Associates, LLC
My Publications

Making the business case for PCI Compliance -- Do the Math

PCI compliance is a business issue, not a technology issue. Here are some items that you may find useful in making your own business case for compliance.

The first you may have already seen: the paper Dennis Reedy and I wrote for the Association of Financial Professionals describing the frequency of breaches in Higher Education and making the business case for PCI compliance. The second is our follow-up article for the AFP describing five strategies for achieving PCI compliance. Third, there is a presentation (also in PDF) that I have used at the Treasury Institute PCI workshops. Lastly, there is a newspaper article citing a number of Higher Ed security breaches. You may find these resources useful in your own work.

Click here to see my "Five Myths about the Payment Card Industry Data Security Standard" for the Government Finance Officers Association. I think it applies to all enterprises, not just government agencies.

Or, you can click here to download a PDF of the GFOA "Five Myths" article.

Click here for the NACUBO Business Officer article, "Straight Talk about Data Security."

Click here for the first AFP article, Campuses as Risky Merchants.

Click here for the second article on 5 Strategies for PCI compliance.

Click here for the business case presentation.

Click here for the security breach article.

The link below will take you to the PCI Survey of attendees at the Treasury Institute's May 2008 PCI Workshop.

Click here to download a PDF of the survey results.

I recently updated our database of data compromises for 2000 through 2007.

For those of you who want to see a brief summary, I have made a 4-page PDF file available. If you wish to investigate the actual data, you can also download an Excel spreadsheet with all the data updated through 2007. The spreadsheet contains data on 798 publicly reported security breaches in the US since 2000. The spreadsheet has several graphs illustrating the findings (the third tab). While the data are public, I ask that you credit me if you use either the updated conclusions or the spreadsheet in a publication.

Click here to download my analysis of breaches 2000-2007.

Click here to download the Excel spreadsheet.

 

walt@walterconway.com               © 2007 Walter Conway  All Rights Reserved