June 10, 2008
Enterprise Survey Results: Payment Card Industry Has Long Road to Compliance
NetIQ Delivers PCI Compliance Suite to Help Companies Meet Industry Mandate
Despite multiple extensions of the Payment Card Industry Data Security Standard (PCI DSS) compliance deadline, companies are still struggling to adequately protect the data of their customers. The threat of significant fines (up to $500,000) and loss of customers and company reputation in the event of a security breach have not radically spurred PCI compliance. A recent survey conducted by NetIQ Corporation, an Attachmate business, reveals that while companies are working diligently to meet the demands of the PCI DSS, compliance has proven much more difficult to achieve than anticipated.
Comprised of feedback from over 300 companies in North America, the sample demonstrates limited achievements in PCI DSS compliance since this standard's inception in 2004. For many, there is a significant challenge in incorporating strategic PCI DSS objectives into their day-to-day security operations.
Only 23% of participants stated that they are already PCI DSS compliant. Sixty-three percent of respondents reported that they have been working on PCI DSS compliance for longer than six months, yet 44% are still unsure of their timeline for becoming fully compliant. Additionally:
- Approximately 19% of respondents have been working on compliance for less than one month, further demonstrating that most organizations have a long road ahead to meet the PCI DSS requirements.
- An estimated 36% of respondents believe that external attackers are the main threat to cardholder data; whereas 52% firmly believe that insiders with access to data pose the greatest threat to cardholder data.
With limited accomplishments to date, and ongoing evolution of internal and external threats, organizations can greatly benefit from more refined PCI DSS compliance tools. Targeted PCI DSS compliance tools improve compliance postures as well as align with enterprise security objectives. Best-in-class tools further support organizational process improvement to enable consistent enterprise compliance and customer data protection on an ongoing basis.
To streamline the process of achieving PCI DSS compliance, NetIQ has developed the PCI Compliance Suitehttp://www.netiq.com/products/pcicompliance/default.asp. Specifically designed to deliver configuration and event management, compliance reporting, incident response, secure logging and policy creation and distribution, the PCI Compliance Suite helps customers establish and ensure that the requirements of PCI DSS are met on a continuing basis. The PCI Compliance Suite includes NetIQ® Secure Configuration Manager™, NetIQ Security Manager™ and the VigilEnt™ Policy Center, which work in concert to more quickly and cost-effectively achieve and maintain compliance.
"Although businesses have been working around the clock to adhere to the PCI DSS standard, it obviously remains an ongoing challenge," said Geoff Webb, senior manager, Product Marketing, NetIQ. "Our intent with the PCI Compliance Suite is to aid customers' adaptability of their current environment to compliance while also gaining measurable security improvements. By ensuring that compliance requirements are met, we can help our customers avoid costly fines, prevent security breaches and instill customer confidence and brand reputation."
For more information on NetIQ PCI Compliance suite, please visit: www.netiq.com/products/pcicompliance.
NetIQ, an Attachmate business, is a leading provider of comprehensive systems and security management solutions that help enterprises maximize IT service delivery and efficiency. With more than 12,000 customers worldwide, NetIQ solutions yield measurable business value and results that dynamic organizations demand. NetIQ's best-of-breed solutions help IT organizations deliver critical business services, mitigate operational risk, and document policy compliance. The company's portfolio of award-winning management solutions includes IT Process Automation, Systems Management, Security Management, Configuration Control and Enterprise Administration.
Copyright© 2019 Micro Focus Corporation. All Rights Reserved. Micro Focus and the Micro Focus logo are trademarks or registered trademarks of Micro Focus Corporation in the USA. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners.