Fitting PCI DSS within a wider governance framework

The Information Commissioner's Office recently announced that the number of reported data breaches involving personal information in the UK has surpassed 1,000. Overall, 307 of the reported infringements were because of stolen data or hardware and an additional 233 were as a result of lost data or hardware. So, even though security practices have improved over the years, these statistics still reveal a worrying approach towards data protection and compliance within organisations. Although compliance standards such as Sarbanes Oxley, Basel II and PCI DSS have been in place for a while, now that organisations run the risk of the ICO fining them £500,000 for a data breach, there has never been a more pressing time to implement a holistic approach to compliance. © 2010 Elsevier Ltd.