PCI Expert James DeLuccia IV Suggests Retailers Address Both Sides of Risk Management - Security and Business Availability

For business integrity, retailers must evaluate both data security and operational resiliency measures.

The holiday shopping season is again putting the spotlight on PCI (Payment Card Industry) compliance, including the measures retailers must take to ensure the confidentiality of consumer data. However, IT management expert James DeLuccia IV reminds retailers that comprehensive risk management also extends beyond security to operational resiliency and business continuity aspects.

"It's an increasingly complicated landscape, with retailers not only having to worry about PCI compliance to ensure consumer data protection, but also IT issues that relate directly to business uptime," said DeLuccia, one of the architects of the international credit security standard, which applies to credit reporting agencies. "These issues include system availability, transaction response times, data recovery and failover mechanisms. With the holiday season accounting for approximately 20 percent of annual sales for retailers - both in stores and online - it is imperative that operations not only run, but run efficiently or else risk losing sales."

PCI compliance is a cumbersome yet vital undertaking for retailers, due to continually evolving business objectives and technology environments. For example, the proliferation of wireless networks (cell phone and hotspots) creates an increasing risk for security breaches that were not widely present just a few years ago. Regardless, retail enterprises have to allot a larger share of IT man hours to manage PCI compliance and security tasks.

DeLuccia contends that risk mitigation strategies require input and buy-in from senior management and decision-makers across the enterprise. They also demand the careful alignment of IT infrastructure changes with a company's core business objectives.

"The best risk management initiatives don't simply protect data, they help the company to run more effectively," he said. "This is the case when equal consideration is given to areas like system continuity and service delivery that support operational measures. It's the blending of business necessity with core methods for data security that ensures overall risk management."

DeLuccia is a recognized expert on PCI compliance and IT risk management. He is a published author and host of a number of industry blogs on PCI and other topics. His new book, "IT Compliance and Controls: Best Practices for Implementation," will be released in March 2008. Read more of DeLuccia's thoughts on PCI compliance at http://pcidss.wordpress.com.

About Intellection Strategies
James DeLuccia IV is the founder of Intellection Strategies, a firm focused on helping clients use information and information technology to create competitive advantage, optimize business performance, and achieve an ideal balance around compliance, governance, security, and risk management. Intellection Strategies is headquartered in Atlanta and serves clients in the United States and worldwide. For more information, please visit: http://www.intellectionstrategies.com.

# # #

Contact Author

TARA BILLER