
Case Study: Risk Quantification Prepares Financial Company Processing Payments for Audit

May 1, 2019

Monetary Risk Quantification prepares financial company for PCI audit

 


CLIENT INDUSTRY

Financial

 

PROBLEM

A leading marketing company that processes credit cards was scheduled for a periodic PCI compliance audit based on the Payment Card Industry Data Security Standard (PCI DSS) and required a risk quantification as a part of the process. The client also wanted to implement risk assessment practices within the company, necessitating an example of its benefits to the executives and Board of Directors.

 

SOLUTION

CSS completed a monetary risk quantification on the company’s PCI system using the Factor Analysis of Information Risk (FAIR) model to make sure this requirement of the audit was met. Our team also partnered with the client to communicate the value of risk quantification to the board of directors and executives for enterprise-wide adoption.

 

BENEFITS TO CLIENT

» Fulfilled risk assessment requirement for PCI audit compliance

» Used actionable data from monetary risk quantification (MRQ) to evaluate client contracts, insurance, and overall system architecture

» Demonstrated the value of MRQ for adoption at an enterprise-wide level

 

Successful Risk Quantification Highlights

» Evaluated client needs through a consultation and data gathering workshop

» Executed high-level FAIR education

» Completed data calibration exercises in addition to internal and external quality assurance

» Performed mitigation scenarios around IT acquisition, changes to system architecture, and business process alterations

» Drafted out-brief, attended presentation of out-brief to the board of directors, and provided a final report

 



About CSS

Converged Security Solutions, along with Evolver and eVigilant, provides a full suite of technology services that span cybersecurity, physical security, and IT management. We are ISO 27001 and ISO 9001 certified, as well as CMMI Level 3 appraised.