PCI DSS as a Security Tool for Healthcare
Christopher Strand of Carbon Black on Using the Framework
Healthcare organizations should consider using the PCI Data Security Standard as a framework that can help them select appropriate security controls, says Christopher Strand of Carbon Black.
PCI DSS, which was designed primarily with payment card security in mind, is a "great baseline to establish some form of risk posture. It's a good example of looking to other industries and utilizing the tools that they have," Strand says.
In a video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Strand also emphasizes:
- The need to go beyond a "checkbox" approach to security compliance;
- The value of using a risk assessment to home in on specific threats.
Strand, senior director, compliance and governance programs at Carbon Black, has more than 20 years of information technology and compliance experience. Previously, he held security/compliance positions at Trustwave, Tripwire, EMC/RSA and Compuware. A PCI Professional and trained Quality Security Assessor, he also has been certified on and is proficient with other regulatory disciplines, including HIPAA, North American Electrical Reliability Corporation and Gramm-Leach-Bliley Act.