|
PCI compliance is a business issue, not a technology issue. Here are some items that you may find useful in making your
own business case for compliance.
The first you may have already seen: the paper Dennis Reedy and I wrote for the
Association of Financial Professionals describing the frequency of breaches in Higher Education, and making the business case
for PCI compliance. The second is our follow-up article for the AFP describing five strategies for achieving PCI compliance.
Lastly, there is a presentation (also in PDF) that I have used at the Treasury Institute PCI workshops. Lastly, there is a
newspaper article citing a number of Higher Ed security breaches. You may find these resources useful in your own work.
Click here to see my "Five Myths about the Payment Card Industry Data Security Standard" for the Government Finance Officers
Association. I think it applies to all enterprises, not just government agencies.
Or, you can click here to download a pdf of the GFOA "Five Myths" article.
Click here for the NACUBO Business Officer article, "Straight Talk about Data Security"
Click here for the first AFP article, Campuses as Risky Merchants.
Click here for the second article on 5 Strategies for PCI compliance
Click here for the business case presentation.
Click here for the security breach article.
|
