The main drivers of information security in an organization are usually:
- The need to comply with the formal requirements of regulatory documents (compliance).
- Fear management: a reactive approach based on your own or public information security incidents.
Let us dwell in more detail on which regulatory documents require the presence of an awareness program in the field of information security or cybersecurity. Requirements for the presence of such a program are often found in the international standards COBIT, ISO/IEC 27001 & 27002 and PCI DSS, and in the American laws SOX, HIPAA, FACTA and FISMA, which de facto also apply to companies operating in the US market, or if the company's shares are traded on US stock exchanges.
The most relevant for the Russian market are the requirements of the international standard PCI DSS (Payment Card Industry Data Security Standard) - the standard for the security of data of the payment card industry, compliance with which is mandatory for organizations (for example, for banks) working with international payment systems, such as VISA or MasterCard. PCI DSS in paragraph 12.6 requires the implementation and legal registration of a program for increasing awareness in the field of security for mandatory familiarization of employees with the policy and procedures for the security of cardholders' data.
Increasing economic efficiency or generating additional income