Governance & Risk Management , PCI Standards , Standards, Regulations & Compliance

PCI DSS as a Security Tool for Healthcare

Christopher Strand of Carbon Black on Using the Framework

Healthcare organizations should consider using the PCI Data Security Standard as a framework that can help them select appropriate security controls, says Christopher Strand of Carbon Black.

See Also: Live Webinar | Improve Cloud Threat Detection and Response using the MITRE ATT&CK Framework

PCI DSS, which was designed primarily with payment card security in mind, is a "great baseline to establish some form of risk posture. It's a good example of looking to other industries and utilizing the tools that they have," Strand says.

In a video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Strand also emphasizes:

  • The need to go beyond a "checkbox" approach to security compliance;
  • The value of using a risk assessment to hone in on specific threats.

Strand, senior director, compliance and governance programs at Carbon Black, has more than 20 years of information technology and compliance experience. Previously, he held security/compliance positions at Trustwave, Tripwire, EMC/RSA and Compuware. A PCI Professional and trained Quality Security Assessor, he also has been certified on and is proficient with other regulatory disciplines, including HIPAA, North American Electrical Reliability Corporation and Gramm-Leach-Bliley Act.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.