October 30, 2014. To comply with PCI DSS Requirement 12.6, an organization must have a formal security awareness program in place. There are many aspects to consider when developing or revitalizing such a program to meet this requirement. The best practices included in this information supplement are intended to be a starting point for organizations without a program in place, or a minimum benchmark for those with existing programs that require revisions. Best Practices for Implementing Security Awareness Program v1.0 is a 25-page PDF recommended for IT and PCI compliance leaders.
One of the biggest risks to an organization’s information security is often not a weakness in the technology control environment. Rather, it is the action or inaction of employees and other personnel that can lead to security incidents.
The free guidance will help merchants establish security standards in their business.