Incident Response Forum
April 18, 2018
Bret Padres, Panelist
Managing Retail Data Breaches
This panel will focus on the unique aspects of handling a data breach involving a retail organization, or any other organization that collects credit card information. When a cyber-attack targets electronically transmitted, collected or stored payment card information, compliance with the Payment Card Industry Data Security Standards (“PCI-DSS”) is often one of the first aspects investigated. PCI-DSS is a set of requirements created to help protect the security of electronic payment card transactions that include PII of cardholders, and it operates as an industry security standard for organizations that use credit card information.
If a cyber-attack against a company involves credit cards or other similar modes of payment and triggers PCI-DSS compliance, the unique investigative and remedial workflow involving the PCI-DSS can be extremely costly, cumbersome and disruptive. This panel will also help clarify the value of personal identifying information (PII); how PII is sold/exploited by criminals; and why protecting PII is so important.