Intelligent CIO Europe Issue 11 | Page 30

Rodolphe Simonetti, Global Managing Director for Security Consulting, Verizon

robustness, therefore control resilience with proactive discovery and quick recovery from failure is essential for effectiveness and sustainability

• Factor 6: Control Lifecycle Management: To achieve all of the above it is necessary to monitor and actively manage security controls throughout each stage of their life cycle from inception to retirement

• Factor 7: Performance Management: Establishing and communicating performance standards to measure the actual performance of the control environment improves control effectiveness and promotes predictable outcomes of your data protection and compliance activities, allowing for early identification and correction of performance deviations

• Factor 8: Maturity Measurement: A control environment should never be stagnant – it must improve continuously. To do so, businesses need a roadmap, a target level of process and capability maturity to track the degree of formality and optimisation of processes as indication of how close developing processes are to being complete and capable of continual improvement

• Factor 9: Self-Assessment: Achieving all of the above requires in-house proficiency – resource capacity (people, processes and technology), capability (supporting processes), competency (skills, knowledge and experience) and commitment (the will to consistently adhere to compliance requirements) – in short, a self-assessment proficiency

“Data-sharing and cross-industry collaboration is vital to understand the evolving threat landscape and to progress global payment security. As evident in this report, organisations continue to face challenges maintaining high levels of security and demonstrating ongoing compliance in rapidly changing environments,” said Troy Leach, Chief Technology Officer of the PCI Security Standards Council.

“Organisations should pay close attention to the findings in the report to remain vigilant for key learnings on how to remain secure.

“Compliance should never be seen as the end goal for security but rather a measurement for an organisation’s continued success in protecting data.”

In order to keep businesses on the right compliance track, Verizon has also developed a comprehensive timeline within the report which charts timing for specific compliance activities.