Why Read This
PCI is controversial. As with any business requirement, it has its good parts and bad parts. Too many companies spin their wheels and complain about what they perceive as the negative or unjust parts of PCI. This does not help these companies become compliant or derive value from their compliance efforts. But bottom line, PCI is here to stay. It's time to move beyond complaining and embrace PCI to extract value. To get started, you must first acknowledge that the set of PCI requirements is really just good, basic security. In fact, PCI incentivizes security. It forces executives to take security seriously and unlocks security budgets. But to really maximize value, security and risk management executives must move beyond the five stages of PCI grief and: 1) shift their mindset to one of proactively embracing PCI; 2) implement PCI as a best practice underlying security framework; and 3) map PCI to other security standards like ISO. We refer to this as "PCI Unleashed."