A leading bank in the GCC region was keen to achieve PCI DSS compliance, but it faced challenges on multiple fronts. A lack of well-defined processes, a high level of end-of-life (EOL) systems and a complex infrastructure landscape born out of a merger expanded the scope of assessment.
SISA first conducted an in-house workshop for senior executives to help bridge their employees’ cybersecurity awareness gap, following which it proposed a three-phased approach to implementation consisting of Scoping and Assessment, Remediation, and Certification. The assessment revealed that cardholder data was stored in multiple databases in plain text. SISA recommended 200+ action points for remediation, mapped them to the respective departments and created a milestone-based plan for addressing them.
By investing in relevant security tools and remediating all the action points recommended by SISA, the bank was successful in achieving PCI DSS certification in six months’ time. The certification also helped the bank achieve a better security posture and comply with regulatory mandates.