Effective Security Program

ENSURING AN EFFECTIVE SECURITY PROGRAM IN THE ORGANISATION

There are several elements that we have found to be critical to ensuring an effective security program in the organizations.

• Be open and honest about the effectiveness of your security program and regularly share an honest assessment of your security posture with the executive team and board.

We use a data-driven approach that scores our program across the categories: risk intelligence, malware prevention, vulnerability management, identity and access management, and detection and response. Scores move up and down not only as our defenses improve or new vulnerabilities are discovered but also as threats change. The capabilities of the adversaries are growing, and you need a dynamic approach to measurement.

• Invest in security before investing elsewhere. A well-controlled environment gives you the license to do other things. Great and innovative products and services will only help you win if you have a well-protected business.
• Don’t leave the details to others. Active, hands-on engagement by the executive team and the board is required. The risk is existential. Nothing is more important. Your involvement will produce better results as well as make sure the whole organization understands just how important the issue is.
• Never think you’ve done enough. The bad guys are smart and getting smarter. They aren’t resting, and they have more resources than ever. Assume they will attack.

Defending against cyber threats is not something that we can solve for our company in a vacuum. At Visa, we must protect not only our own network but the whole payments ecosystem. At the heart of Visa’s security strategy is the concept of “cyber fusion,” which is centered on the principle of shared intelligence—a framework to collect, analyze, and leverage cyber threat intelligence, internally and externally, to build a better defense for the whole ecosystem.

Championing security is one of Visa’s six strategic goals. This is an area where there are no grades—it is pass or fail, and pass is the only option. Cybersecurity needs to be part of the fabric of every company and every industry, integrated into every business process and every employee action. And it begins and ends at the top. It is job number one.

accounts had been compromised—a pivotal moment for our industry. The losses experienced by our clients, combined with the impact on consumer confidence, galvanized our industry to take actions that, we believe, will have a meaningful and lasting effect on how the world manages sensitive consumer data—not just payments. We are taking action as an ecosystem, to collaborate and share information across industries and with law enforcement and governments and to develop new technologies that will allow us to prevent attacks and respond to threats in the future.

Consumer purchases online and with mobile devices are growing at a significant rate. In order to prevent cyberattacks and fraudulent use of consumer accounts online, Visa and the global payments industry adopted a new payment standard for online payments. The new standard replaces the 16-digit account number with a digital token that is used to process online payments without exposing consumer account information.

By:  ULAYA SIJALI A. (BAPRM 42681)