
                3 Reasons Organizations Still Fail a PCI Report on Compliance

                Avoid common pitfalls

                For many organizations, PCI compliance is a necessary part of doing business.

                However, a report on compliance failure could be disastrous for the business and the time and cost of remediation can escalate quickly.

In this video, Mihir Mistry, Senior Security Manager for GRC, covers the top three reasons organizations fail a report on compliance, including:

• Staffing changes
• Misunderstanding of basic elements of risk management
• Representing a vulnerability assessment as a penetration test

One common theme that we see that results in a failure of a report on compliance is staff changes. So this is an industry where there’s a lot of change right now, so you have a certain staff and now you lose that, and they don’t know what the new scope is. Scoping is the core in a PCI engagement. How do you scope your network? How do you scope where your cardholder data resides? And if you don’t scope that properly, that is a big factor in failure of PCI compliance.

The other one is just understanding the basic elements of security and risk management. A lot of clients look at this as a compliance thing; it’s a check-box approach. But if they truly do not understand the risk of what this means to their organization: ‘If I get breached, then what happens to my customers?’ So, the whole risk management approach, if they fail to understand that, that is one of the big elements that also results in failure of PCI compliance.

So this is really basic that we see, but failure of understanding some basic elements like what penetration testing means. We see a lot of times where clients think they have done a penetration test and they will bring it back to us. But when we look at that, it’s basically a scan; it’s not a true penetration test. So again, just basic elements like that. So our advice is always to do something like a readiness assessment first before you jump into a report on compliance. That way a lot of these elements can be addressed first, and you have some room to remediate those efforts, and that can result in a positive compliance outcome.
