Troy Leach, CTO, PCI Security Standards Council - Headlines Industry Session at ControlCase Conference

Leach and ControlCase CEO hosted a discussion on "Assessing the Effectiveness of Your PCI Program."

(left to right) Kishor Vaswani, CEO – ControlCase, and Troy Leach, CTO – PCI Security Standards Council, at the ControlCase Annual Conference themed "Cloud and Mobile Payment Compliance."

ControlCase, a leading global provider of Compliance as a Service (CaaS), Certifications, and IT Governance, Risk and Compliance (GRC) software, recently held its Annual User Group Conference at the Willard Hotel in Washington, DC, USA. This year's event, themed "Cloud and Mobile Payment Compliance," attracted professionals working in the areas of IT Governance, Risk and Compliance from banks, merchants and service providers around the world. Conference speakers included senior executives from ControlCase, the PCI Council, Société Générale, FedEx Services, Intersections, Bryan Cave and HITRUST.

A key highlight of the conference was an open discussion facilitated by Kishor Vaswani, CEO - ControlCase, and Troy Leach, CTO - PCI Security Standards Council. This discussion focused on how companies can measure the effectiveness of their PCI programs and also identified ways to evaluate the return on investment for PCI Compliance, considering efficiencies and risk reduction for organizational compliance.

During the discussion, Troy Leach offered some guiding principles for PCI DSS. According to Leach, "Instead of focusing on negative numbers, such as cost, security professionals should demonstrate improvements in security posture and other efficiencies that benefit the company."

"ControlCase events provide a platform for organizations to share best practices for making security a key part of overall business planning and a main focus in the education and training of staff," said Vaswani.
"Given the overwhelming success of this fall's conference, we are looking forward to an exciting line-up of webinars and events in 2015. We remain committed to delivering thought-provoking sessions on dynamic topics to help organizations gain the latest insights on compliance and compliance-related issues that will allow them to make more informed decisions."

Key takeaways from the discussion with Leach and Vaswani included:

Reduce the attack surface - Organizations should re-evaluate legacy business processes and reduce unnecessary storage of and access to cardholder data.

Continuous Awareness & Protection - For the minimal footprint of data that remains, exercise due diligence and continuously monitor the PCI DSS requirements that protect it with a defense-in-depth approach.

Prevention of new types of exposure - Changing business environments and processes may present new types of exposure, as will the evolution of malware and other threats.

Measure success and identify opportunities for improvement - Only by measuring the improvement of an organization's security posture can security professionals truly know the effectiveness of their efforts and how they can improve. Effectively communicating these metrics across the organization should be a cornerstone of business planning.

About ControlCase
ControlCase is a global provider of Compliance as a Service (CaaS), Enterprise Software and Services. Our offerings enable clients to effectively manage their IT Governance, Risk Management and Compliance Management (IT GRCM or GRC) efforts.
Headquartered in the United States, with locations in North America, Europe, Asia Pacific and the Middle East, ControlCase focuses on providing and developing services, software products, hardware appliances and managed solutions that focus on compliance regulations and standards; including PCI DSS, SOC1, SOC2, SSAE16, PIPEDA, ISO 27001/2, FERC/NERC, Sarbanes Oxley (SOX), GLBA, HIPAA/HITRUST, CoBIT, BITS FISAP SIG/AUP and EI3PA.

For more information, please contact ksimon@controlcase.com or visit the company website at www.controlcase.com