Press Release

ControlScan, Inc. and 2-sec, Ltd. to Present "Incident Response Plan Toolkit" SIG Proposal at North American, European Payment Card Industry Community Meetings

PCI Special Interest Group would improve merchants' risk preparedness, incident handling

ATLANTA and LONDON, Sept. 12, 2013 - Payment security and compliance solution provider ControlScan, Inc., and  security testing, QSA, PA-QSA and consulting firm 2-sec, Ltd., jointly announced today that they will present their proposal for a 2014 Special Interest Group (SIG) at the North American and European Payment Card Industry (PCI) Community Meetings this fall. The proposed SIG would be responsible for developing guidance, including an "Incident Response Plan Toolkit," to help merchants reduce response-related costs and recovery time following a data breach event.

Since 2011, the PCI Security Standards Council has invited members of its community to preside over SIG projects that enhance the value of the PCI Data Security Standard (DSS). The 2014 SIG proposal submitted by ControlScan and 2-sec is designed to help merchants develop an effective incident response plan (IRP) in accordance with PCI DSS Requirement 12.9. The Ponemon 2013 Cost of Data Breach Study found that U.S.-based companies with an incident response plan in place prior to a breach event paid as much as $42 less per breached record than companies without an IRP.

"A well-rounded IRP enables the merchant to act quickly and appropriately should they suspect that a data breach has occurred," said Steve Robb, senior vice president of products and services, ControlScan. "All organizations, from the large enterprise to the 'mom-and-pop' shop, can greatly benefit from an easy-to-use toolkit for putting this type of plan together."

Members of the proposed "IRP Toolkit" SIG would create a compilation of instructions, recommendations, templates, checklists and quick links intended to help merchants easily assemble a plan of action conforming to their unique business and operating conditions. According to ControlScan and 2-sec, small and mid-sized businesses (SMBs) would benefit most from incident planning and response guidance because these organizations are typically in a reactive state when it comes to data security. Limited technical knowledge and tight budgets can make SMBs an easy target for data thieves as they seek out and exploit the paths of least resistance.

"Incident response planning is not just about being able to execute a plan should a mission-critical data breach occur; it's about putting procedures in place to manage security incidents at any level and feeding them back into the information security lifecycle on a daily basis," said Tim Holman, founder and CEO, 2-sec. "Organizations that do not learn from incidents will inevitably fall behind and will not be able to evolve or improve the rest of their security controls and move to a business-as-usual security culture."

ControlScan's Robb will give a live presentation of the ITP toolkit SIG proposal at the PCI SSC North American Community Meeting, Sept. 24-26 in Las Vegas, while 2-sec's Holman will present at the European Community Meeting, Oct. 29-31 in Nice, France. Voting on the 2014 SIG proposals will take place via an online election in November. For more information about ControlScan and 2-sec, and their respective solutions, please visit www.controlscan.com and www.2-sec.com.

About ControlScan
Headquartered in Atlanta, ControlScan delivers unified security and compliance solutions that help small and mid-sized businesses secure sensitive data and comply with information security and privacy standards. We support business owners, franchisees and merchant service providers with technology, services and expertise for PCI DSS, HIPAA and EI3PA compliance; vulnerability detection and risk mitigation; POS, e-commerce and mobile security; and more. For more information, please visit ControlScan.com or call 1-800-825-3301.

About 2-sec, Ltd.
Based in London, UK, 2-sec provides a specialist range of security testing and consultancy services. The company ethos is to employ the best, deliver the best and never to oversell or promote services that clients simply do not need, or cannot support. 2-sec have assisted a number of clients in the finance, insurance, retail, health, service provider and hospitality sectors, from small medium enterprises to FTSE-100 companies, and specialise in risk reduction and data loss prevention, through the implementation of risk, security and compliance initiatives. 2-sec's ongoing mission is to deliver cost-effective, honest and independent advice, through superior quality and consultant-led services. For more information, visit www.2-sec.com or call +44 (0) 121 352 6682.