Proficio PCI DSS 3.0 Readiness Survey Characterizes Challenges in Meeting New Requirements

Less than half of respondents to Proficio's survey on PCI DSS readiness claimed to meet PCI 3.0 requirements today.

“The results of our survey show that there is still work to be done to meet the new requirements in PCI 3.0,” said Brad Taylor, CEO, Proficio.

Proficio, a leading Next-Generation Managed Security Service Provider (MSSP), today announced the results of its survey on PCI DSS 3.0 readiness. Less than half of those surveyed claimed to meet PCI 3.0 requirements today. The survey respondents comprised security and compliance professionals from retail, financial services, healthcare, education, government, and other sectors.

“PCI 3.0 increases the demands on organizations to improve payment card data security and further emphasizes the need for continuous security monitoring,” said Brad Taylor, CEO, Proficio. “The results of our survey show that there is still work to be done by organizations striving to meet the latest PCI requirements. As a Next-Generation Managed Security Service Provider (MSSP), we model and monitor our customers’ security policies and controls to ensure PCI compliance and help prevent data breaches.”

Survey Highlights

State of Readiness:
Less than half of those surveyed (43%) claimed to meet PCI 3.0 requirements today, with the rest reporting that they do not meet requirements (34%) or did not know (23%). 90% of respondents claimed to be between moderately and highly confident that they will be fully compliant by June 30, 2015.

Biggest Challenges:
When asked about the biggest challenges facing organizations in achieving PCI 3.0, the three most frequent responses were:

  • Ensuring service providers meet new requirements
  • Increased requirement for security monitoring
  • Completing a risk-assessment/penetration test

Segmentation of Data:
With regard to the new requirement to perform penetration tests to verify the methods used to segment the Cardholder Data Environment (CDE), a little less than half (49%) of respondents said this had already been completed.

Evolving Malware Threats:
The most common responses to a question on how organizations will address malware on systems not considered to be commonly affected by malicious software were:

  • Use existing anti-virus systems
  • Monitor events on the network for unusual behavior

Some respondents indicated that they plan to buy new anti-malware systems for endpoints or gateway deployment.

Document MSP Responsibilities:
Of respondents who use managed service providers, 43% reported that they had formally documented which PCI DSS requirements were managed by their MSP(s) and which were managed in-house.

Use this link to download the results:

Proficio’s PCI Compliance Services

Proficio’s ProSOC PCI Compliance and Security services include the following:

  • 24×7 security event monitoring, alerting, and remediation
  • Advanced SIEM analysis and correlation of security events to protect against complex attacks and insider threats
  • Actionable intelligence that enables internal IT teams to effectively and quickly resolve issues
  • Threat Intelligence
  • Active Defense that blocks targeted attacks in real-time
  • Monitoring of policies and controls associated with PCI DSS requirements
  • PCI compliance reporting and dashboards
  • 12 months of free log retention
  • Visibility to event logs with easy-to-use web portal, powerful reporting, dashboards, and drill down analytics
  • Vulnerability management including quarterly managed vulnerability scans
  • Risk-assessments and penetration testing services

For information on Proficio’s services, email: info(at)proficio(dot)com.

About Proficio

Proficio is a leading provider of next-generation managed security services. We are changing the way organizations meet their IT security and compliance goals by providing the most advanced cloud-based solutions to monitor and scan critical assets without the need for added headcount or costly software or hardware systems. Proficio’s ProSOC service logs, monitors and analyzes organizations’ security events. Staffed 24×7 by security experts and using industry leading SIEM technology, ProSOC helps organizations address critical security and compliance needs, prevent data breaches, and reduce operations costs. Our customers value our insight, experience and unrelenting passion for defending their networks and applications from cyber attacks. For more information see:

Contact Author

John Humphreys
Proficio Inc
+1 650-714-7218