Netwrix sums up auditors’ most common questions to help companies minimize the burden of compliance audits
Irvine, CA, September 1, 2015
According to the 2015 Verizon PCI Compliance Report, around 80% of companies failed to comply with all the requirements of the PCI standard. While some popular frameworks can help companies pass compliance audits more smoothly, many organizations still fail to answer fairly simple questions asked by external auditors. Treating validation tests as a check-box exercise, companies often focus their efforts on creating an illusion of compliance rather than trying to actually fulfil the requirements. Such an approach does more harm than good, as it provides organizations with a false sense of security and leaves them extremely vulnerable to data breaches.
Netwrix Corporation, a provider of IT auditing software that maximizes visibility of IT infrastructure changes and data access, summarizes its clients’ audit experiences and frames five questions that auditors usually ask to determine whether a company is able to safeguard its most valuable assets:
"Although passing compliance audits is vital for maintaining the security of the IT environment, it doesn’t give you 100% protection against cyber threats," said Michael Fimin, CEO and co-founder of Netwrix. "Any compliance audit shows the state of the IT infrastructure at a certain point; however data must be secured during the entire period between validation assessments. Therefore companies need to have complete visibility into what is happening across their most critical systems and establish absolute control over each security component. Only then will regulatory compliance be considered not as a burden, but as an opportunity to improve business processes and strengthen cyber security."
"As the focus of most compliance standards on logging and monitoring is the detection of incidents and after-the-event fact finding, it’s important to have a clear incident response process," states the 2015 Verizon PCI Compliance Report. "If your logging and monitoring provides the visibility compliance standard requires, it is much easier to demonstrate to an auditor that you have a thorough understanding of your environment and answer their questions."
Want to know more about compliance? Please check out Netwrix white paper Compliance Demystified: http://start.netwrix.com/white_paper_compliance_demystified.html
Netwrix Corporation is a provider of IT auditing software that maximizes visibility into who changed what, when and where and who has access to what in the IT infrastructure. Over 6,000 customers worldwide rely on Netwrix to audit IT infrastructure changes and data access, prepare reports required for passing compliance audits and increase the efficiency of IT operations. Founded in 2006, Netwrix has more than 70 industry awards and was named to the Inc. 5000 list and Deloitte Technology Fast 500. For more information, visit www.netwrix.com
E.S. Jones Public Relations
Your questions and feedback are always welcome. Please dial our toll-free number, 888-638-9749, or enter your question details here and we will reply as soon as possible.