The PCI Security Standards Council has announced new guidelines to help organizations respond to data breaches.
“Responding to a Data Breach: A How-to Guide for Incident Management” provides retailers and service providers with key recommendations so they can be prepared to react quickly if a breach is suspected. It specifically suggests what they should do to contain damage and launch an effective investigation.
The guide was developed in collaboration with the Payment Card Industry (PCI) Forensic Investigators (PFI) community. The PCI Security Standards Council is a global forum responsible for the development, management, education, and awareness of the PCI Data Security Standard and other standards that increase payment data security.
“The silver lining to high-profile breaches that have occurred is that there is a new sense of urgency that is translating into security vigilance from the top down, forcing businesses to prioritize and make data security business-as-usual,” Stephen W. Orfei, PCI SSC general manager, said in a statement.
“Prevention, detection and response are always going to be the three legs of data protection,” Orfei said. “Better detection will certainly improve response time and the ability to mitigate attacks, but managing the impact and damage of compromise comes down to preparation, having a plan in place and the right investments in technology, training and partnerships to support it.”