Tuesday, July 7, 2020

PCI Guidance on Responding to a Cardholder Data Breach

PCI SSC has recently published guidance on responding to a cardholder data breach. The aim of the document is "to help merchants and service providers with incident response preparation. This guide also describes how and when a Payment Card Industry Forensic Investigator (PFI) should be engaged to assist."
 
As everyone knows, protecting cardholder data is the main goal of the PCI standards, especially PCI DSS. It is therefore obvious that PCI compliance mandates strict incident response activities in case of a data breach.
According to the guidance, an organization should be prepared for the data breach response by performing the following activities:
1- Implementing an IR (Incident Response) plan.
2- Limiting data exposure.
3- Planning the notification of all required parties.
4- Ensuring the inclusion of necessary measures in third-party contracts.
The next steps are mainly about identifying and engaging a PFI (PCI Forensic Investigator).
