Yesterday at RSA, much press attention was paid to a metric indicating that 41% of all organizations tested needed temporary compensating controls to meet even the minimum security provided by PCI DSS compliance.
That metric led us to this discussion. If so many organizations need temporary controls to do the minimum, then what controls, in your experience, are the most worthwhile for those struggling to meet PCI?
Please leave a comment and tell us what controls you find most useful, easiest to leverage and worth the investment for PCI compliance.
As always, thanks for reading and we look forward to your input.