About the cover
Navigating the complexity of payment security is like steering a ship through unpredictable waters. It requires skill and strategic planning to negotiate changing currents, ebb and flow, unanticipated dangers, and the potential impact of evolving conditions. This navigation is about to take a new turn with the introduction of the Payment Card Industry Data Security Standard PCI DSS v4.0 with its customized
approach and continuous compliance.
That’s why the theme of the 2022 Payment Security Report (PSR) is preparing to successfully negotiate PCI DSS v4.0: how to determine the tools you’ll need, identify and solve potential challenges, and choose the best path forward to determine and accomplish your goals.
Fittingly, our cover design is a circuit board with many interconnected channels. The white dotted line presents a course of unobstructed program progression within a well-organized security compliance management system.
The circuit board appears on a black background, which symbolizes absence of visibility, risk, the dark web and the vastness of our interconnected environments.
To maintain an unobstructed course in such a deep abyss, security practitioners must plan for unexpected changes and unintended consequences. Today’s data security planning and compliance requires choosing the right course, carefully mapping it and skillfully navigating around the obstacles.
Lateral movement—directed to a side—is relevant to a key metaphor in the report: one about a recent shipping fiasco in the Suez Canal. Lateral movement is also a method used by attackers in which a network is systematically infiltrated to access data and assets.
Even when traveling in a straight line through seemingly safe waters, one needs to prepare for unpredictable outcomes and side effects. Our metaphorical recounting of the container ship Ever Given’s recent grounding and blockage of the Suez Canal (see page 11) highlights why chief information security officers (CISOs) and their teams need to apply a logical, coordinated process to evaluate requirements and constraints while navigating their ship into sound security and compliance waters.
No one engaged in PCI security should feel that their organization’s approach to compliance is random—controlled by outside events, circumstances or other people. Numerous powerful solutions exist to help your organization take charge of its compliance program’s destination. And that’s exactly what we’ll be exploring in this edition of the PSR. We’ll introduce a toolbox of management methods, models and frameworks to help your organization negotiate the changing waters, whether you’ll be traveling in a straight line or taking a less-predictable zigzagging course. This special set of management tools is designed to harness the combined capabilities within your organization and establish better management of your PCI security program by helping you plan, design, navigate, fix and maybe even rescue
your security ship on its journey through unknown waters.
About the cover