The PCI Security Standards Council has published guidance for dealing with and protecting sensitive payment information. “Best Practices for Implementing Security Awareness Program” was developed by the PCI Special Interest Group including retailers, banks, and technology providers. The guidance focuses on three key areas: raising security awareness; developing appropriate security awareness content for the organization; and creating a security awareness training checklist.
“The first step in the development of a formal security awareness program is assembling a security awareness team,” the paper notes. “This team is responsible for the development, delivery, and maintenance of the security awareness program. It is recommended the team be staffed with personnel from different areas of the organization, with differing responsibilities representing a cross-section of the organization.”
“Having a team in place will help ensure the success of the security awareness program through assignment of responsibility for the program,” the paper continues. “The size and membership of the security awareness team will depend on the specific needs of each organization and its culture.”