Aberdeen Group:Making Progress in PCI Compliance: Assessing Risk

"Aberdeen research has shown that Best-in-Class companies conduct vulnerability and risk assessments more frequently and more broadly than their Industry Average and Laggard counterparts. They also prioritize and remediate the most critical vulnerabilities found as a result of assessment scans more quickly, reducing their window of exposure for security issues by a factor of 1.7. Aberdeen's June 2008research on PCI DSS and Protecting Cardholder Data revealed that Best-in-Class organizations are between 40% and 90% more likely than lagging companies to conduct regular vulnerability and risk assessments for all system components in their card processing environment, as part of a sustainable approach to assessment, prioritization, remediation, and management." Aberdeen Group:Making Progress in PCI Compliance: Assessing Risk