Verizon – Payment Security Report
Data protection and compliance present daily challenges. Security specialists must be on their toes to assure that controls remain in place and perform consistently. Despite good intentions, more than half of organizations are still struggling to design, implement and maintain a sustainable compliance program.
One challenge is that many security professionals believe they can protect data by following a script, as if doing A, B and C in the correct order will achieve effective and sustainable data protection. In the real world, things are messy. Organizations might be spending a lot of time and money creating their DPCPs, but many are ineffective and fail to advance beyond a program that looks good on paper but
does not withstand the scrutiny of a professional security assessment. The DPCPs lack the design, implementation, review process and revisions to become effective and sustainable.
Additionally, organizations have inadequate or overly complex strategies, which originate from a lack of proficiency in designing, implementing, monitoring and evaluating a DPCP.