A security awareness program for PCI-DSS compliance

People are considered to be the weakest link in an organization's cybersecurity defense. Therefore, in most cases, the company's employees are the primary target of cyber attackers. Moreover, compromising and exploiting people is easier than finding a single piece of software through which to penetrate a company or business. Although a lot of effort is put into improving the existing security infrastructure, ignoring human resources would leave a significant gap in the defense strategy.

Join ISACA Research Advisor Brian Fletcher and Dr. Yasmin Razack, author of “A Security Awareness Program for PCI DSS Compliance: Implementation and Legal and Ethical Issues to Be Considered.” In this episode, they discuss the challenges of implementing a security awareness program to close this gap, as well as the legal/ethical issues to be considered during implementation. Requirement 12.6 of the Payment Card Industry – Data Security Standard (PCI-DSS) requires a security awareness program to be conducted at least once per year and for new employees. This is not an easy task and cannot be a one-time activity. When implemented effectively, however, awareness programs can be the company’s human firewall, keeping the company compliant with regulations like PCI-DSS and protecting it from fines for non-compliance, defamation, and the costs of data breaches. They also help to strengthen customer trust and loyalty.

To read Dr. Razack's full article, click here – www.isaca.org/pci-dss-compliance
