Don't Blame That Checklist for Your Crappy Security Program

Explore the intricacies of security program management in this 44-minute conference talk from AIDE 2016. Delve into the world of Governance, Risk, and Compliance (GRC) with a focus on the Payment Card Industry Data Security Standard (PCI DSS). Learn why blaming checklists for security program failures is misguided and gain insights into effective implementation strategies. Examine the realities of security frameworks, standards, and information supplements. Discover valuable lessons on avoiding common pitfalls and misconceptions in security program development. Engage with thought-provoking questions that challenge conventional wisdom in the field of cybersecurity.

Intro
Global traveler
Finder of NFAIL
Standards, frameworks, etc.
What is GRC?
GRC concept...
GRC for PCI
PCI DSS
Information Supplement
Reality check
What the what!?!?
What did we learn?
What were you thinking?!?!
Questions?