ControlScan, Inc. and 2-sec, Ltd. to Present “Incident Response Plan Toolkit”
SIG Proposal at North American, European Payment Card Industry Community Meetings
PCI Special Interest Group would improve merchants’ risk preparedness, incident handling
ATLANTA and LONDON, Sept. 12, 2013 – Payment security and compliance solution provider ControlScan, Inc., and security testing, QSA, PA-QSA and consulting firm 2-sec, Ltd., jointly announced today that they will present their proposal for a 2014 Special Interest Group (SIG) at the North American and European Payment Card Industry (PCI) Community Meetings this fall. The proposed SIG would be responsible for developing guidance, including an “Incident Response Plan Toolkit,” to help merchants reduce response-related costs and recovery time following a data breach event.
Since 2011, the PCI Security Standards Council has invited members of its community to preside over SIG projects that enhance the value of the PCI Data Security Standard (DSS). The 2014 SIG proposal submitted by ControlScan and 2-sec is designed to help merchants develop an effective incident response plan (IRP) in accordance with PCI DSS Requirement 12.9. The Ponemon 2013 Cost of Data Breach Study found that U.S.-based companies with an incident response plan in place prior to a breach event paid as much as $42 less per breached record than companies without an IRP.
“A well-rounded IRP enables the merchant to act quickly and appropriately should they suspect that a data breach has occurred,” said Steve Robb, senior vice president of products and services, ControlScan. “All organizations, from the large enterprise to the ‘mom-and-pop’ shop, can greatly benefit from an easy-to-use toolkit for putting this type of plan together.”
Members of the proposed “IRP Toolkit” SIG would create a compilation of instructions, recommendations, templates, checklists and quick links intended to help merchants easily assemble a plan of action conforming to their unique business and operating conditions. According to ControlScan and 2-sec, small and mid-sized businesses (SMBs) would benefit most from incident planning and response guidance because these organizations are typically in a reactive state when it comes to data security. Limited technical knowledge and tight budgets can make SMBs an easy target for data thieves as they seek out and exploit the paths of least resistance.
“Incident response planning is not just about being able to execute a plan should a mission-critical data breach occur; it’s about putting procedures in place to manage security incidents at any level and feeding them back into the information security lifecycle on a daily basis,” said Tim Holman, founder and CEO, 2-sec. “Organizations that do not learn from incidents will inevitably fall behind and will not be able to evolve or improve the rest of their security controls and move to a business-as-usual security culture.”
ControlScan’s Robb will give a live presentation of the ITP toolkit SIG proposal at the PCI SSC North American Community Meeting, Sept. 24-26 in Las Vegas, while 2-sec’s Holman will present at the European Community Meeting, Oct. 29-31 in Nice, France. Voting on the 2014 SIG proposals will take place via an online election in November. For more information about ControlScan and 2-sec, and their respective solutions, please visit ControlScan.com and 2-sec.com.