Hot Topics
Security Bloggers Network 
SBN

The Sweeter Side of PCI Compliance

by FireMon on January 20, 2022

I can’t tell you everything about security pros (be wary of those who claim they can), but I can tell you this: no one goes into security to write reports. They take time; they’re tedious; and writing them doesn’t make your organization any safer. That said, they are important. Security compliance is not all there is to keeping your organization safe, but security standards have an important role in the process. With that role comes oversight and yes, reports.

I’m a security guy myself. Before joining FireMon, I spent 7 years running in-house security for a Fortune 500 company. We handled a significant amount of sensitive data, and part of protecting that data included regulatory compliance. Among others, we adhered to Payment Card Industry Data Security Standard, more commonly referred to as PCI Compliance.

Challenges with PCI Reporting

Barb oversaw PCI compliance at our organization. She needed PCI reports on the first of the month each quarter. My team was responsible for the reports covering our firewalls. Barb was (and still is) great — nice, friendly, easy to work with, yet our teams struggled to get the reports to her on time. Struggled is an understatement. We never got them to her on time. Creating them took my team hours to manually pull the data which meant less time to do the work we needed to do to support our security posture.

However, Barb’s reports were not only necessary to keep our board of directors informed, but they were also needed for annual PCI audits. Compliance audits are justifiably no joke. Regulatory violations have penalties that can seriously impact your ability to conduct business. The process was unsustainable. I began looking for a solution.

stack of audit papers

On-time PCI Reports with Automation

I didn’t have to look far. I looked at the tools we’d acquired for security management. FireMon was among them, and although we hadn’t brought them on for compliance, we quickly discovered they had exactly what we needed. Before, my team would take hours each quarter to manually pull a report for Barb that would inevitably be delivered past deadline. But with FireMon’s built-in compliance assessments, we set up automated reports with the information Barb needed and set it to automatically send each quarter on the day she requested.

Cookies for All

Then I promptly forgot about it. When the next quarter rolled around, I began mentally preparing to start the tedious task of PCI reporting. Before I got too far down the path, Barb showed up at my office with a huge smile and some delicious chocolate chip cookies, thanking me for getting her the report on time. My team was the first team to get her the report she needed; we were also the only team to get it to her on time.

It was the solution we needed that we didn’t know existed. We no longer dreaded the beginning of each quarter, we could stay focused on projects that improved the company’s security posture, and Barb got the information she needed exactly when she needed it. Plus, you know: cookies.

I hired FireMon before I ever came to work here, and I often share this story with security folks I talk to. “Now you might not get cookies from your Barb,” I say. “But stranger things have happened.”

The post The Sweeter Side of PCI Compliance appeared first on FireMon.

*** This is a Security Bloggers Network syndicated blog from FireMon authored by FireMon. Read the original post at: https://www.firemon.com/the-sweet-side-of-pci-compliance/

FireMon ,