Tripwire, Inc., a leading global provider of risk-based securityand compliance management solutions, today announced the results ofresearch on risk-based security management in the retailindustry.

The survey, conducted in April 2013 with the Ponemon Institute®,evaluates the attitudes of 1,320 respondents from IT security, IToperations, IT risk management, business operations,compliance/internal audit and enterprise risk management. Onehundred sixty-two retail sector respondents from the U.S. and U.K.participated in the retail portion of the survey.

The most recent version of the Payment Card Industry DataSecurity Standard (PCI DSS 3.0) will soon require businesses toimplement and perform penetration testing. In addition, PCI DSS 3.0will also clarify different methods of secure authentication andsession management so businesses can better protect themselvesagainst man-in-the-middle, man-in-the-browser and other similarcyber attack methods. However, the study revealed that the retailindustry hasn't yet implemented these new securityrequirements.

Key findings include:

Only 41% of the retail sector uses penetration testing toidentify security risks.

Only 34% of the retail sector measures the reduction in accessand authentication violations to assess risk managementefforts.

Only 44% of the retail sector has fully or partially deployedfile integrity monitoring.

62% of IT professionals in the retail sector say that negativefacts about security risks are filtered before being communicatedwith senior executives.

“Although these survey results don't reflect it, the retailindustry is very focused on PCI 3.0 compliance,” said MichaelThelander, director of product management for Tripwire. “AndTripwire is hard at work to make these new controls less expensive,easier to implement, more scalable and more intelligent out of thebox.”

For more information about this survey, please visit:http://www.tripwire.com/ponemon/2013/