SISA claims to have become the first Asian infosec firm to break into what has been an exclusively Western preserve. Dharshan Shantamurthy, chief consultant and CEO, SISA Information Security expects the Indian infosec community to receive significant visibility on the global scale as a result of this development.
This is the first SIG election to be held by The PCI council. Previously, SIG initiatives were decided by the PCI board of advisors. A decision was made this year to directly address the needs of the community and the payment card industry, says Shantamurthy.
SISA’s paper on risk assessment was selected from a host of international applications. After culling down the received nominations to 13 and eliminating overlaps, seven papers were chosen. These were subjected to voting by the participating organizations. SISA won a majority community vote of 72% for its proposal.
The SIG will be led by a PCI council member, and SISA is expected to play an active role in the group’s development. However, Shantamurthy says that he does not have visibility on the specifics of SISA’s role. The SIG’s next plan is to invite risk assessment experts from participating global organizations to champion its cause.
The SIG document is expected to focus on structured risk assessment, and not meant to supersede the standard. “This will hopefully translate to savings in time and money for organizations, in addition to increasing the PCI standard’s focus on risk,” adds Shantamurthy.