In our previous article, we discussed the concept of risk management–what it is and why it’s important.
However, risk management in cybersecurity isn’t new, and many organizations are working towards normalizing risk as an approach for comprehensive cybersecurity and compliance efforts.
While this move is a good one, we also find that many organizations will over-rely on frameworks as an end-all, be-all approach to security, which can prove more confusing than helpful.
“Risk “is a term gaining real traction in any industry where cybersecurity regulations impact businesses. Many frameworks and regulations are turning to risk management as a proactive and comprehensive approach to security management. This shift can mean big changes for enterprises that aren’t generally considering risk as part of their security profile.
This article is the first in a series of articles related to risk management as a challenge for modern businesses. Throughout this series, we will cover several topics related to risk management in modern business:
After several delays and timeline shifts to accommodate vendor and auditor feedback, the Payment Card Industry Security Standards Council will release the newest version of the framework, PCI DSS 4.0. This standard, expected to launch at the end of March 2022, will fundamentally alter some key components of the framework to help support payment acceptance for modern devices and consumers.
Here is what we are expecting to come down the pipeline once PCI 4.0 hits the market.