Rodolphe Simonetti, Global Managing
Director for Security Consulting, Verizon
robustness, therefore control resilience
with proactive discovery and quick
recovery from failure is essential for
effectiveness and sustainability
• Factor 6: Control Lifecycle
Management: To achieve all of the
above it is necessary to monitor and
actively manage security controls
throughout each stage of their life cycle
from inception to retirement
• Factor 7: Performance Management:
Establishing and communicating
performance standards to measure
the actual performance of the
control environment improves control
effectiveness and promotes predictable
outcomes of your data protection and
compliance activities, allowing for
early identification and correction of
performance deviations
• Factor 8: Maturity Measurement: A
control environment should never be
stagnant – it must improve continuously.
To do so, businesses need a roadmap,
a target level of process and capability
maturity to track the degree of formality
and optimisation of processes as an
indication of how close developing
processes are to being complete and
capable of continual improvement
• Factor 9: Self-Assessment: Achieving all
of the above requires in-house proficiency
– resource capacity (people, processes
and technology), capability (supporting
processes), competency (skills, knowledge
and experience) and commitment (the
will to consistently adhere to compliance
requirements) – in short, a
self-assessment proficiency
“Data-sharing and cross-industry
collaboration is vital to understand the
evolving threat landscape and to progress
global payment security. As evident
in this report, organisations continue
to face challenges maintaining high
levels of security and demonstrating
ongoing compliance in rapidly changing
environments,” said Troy Leach, Chief
Technology Officer of the PCI Security
Standards Council.
“Organisations should pay close attention to
the findings in the report to remain vigilant
for key learnings on how to remain secure.
“Compliance should never be seen as the end
goal for security but rather a measurement
for an organisation’s continued success in
protecting data.”
In order to keep businesses on the
right compliance track, Verizon has also
developed a comprehensive timeline within
the report which charts timing for specific
compliance activities.
www.intelligentcio.com