The Art of PCI Compliance – Risk Assessment
Posted: May 17, 2011
The Payment Card Industry Data Security Standard (PCI DSS) is “a set of comprehensive requirements for enhancing payment account data security.” In other words, PCI provides a set of tactics to protect the confidentiality and integrity of data. Great place to start – but it’s only part of the picture. Applying those tactics appropriately requires situational awareness and knowledge of the company’s core values and strategy.
This series explores Sun Tzu’s approach to assessing an army’s readiness for battle as applied to compliance requirements in support of business strategies.
Assess the Risk
“Regulations are not designed to handle the kinds of threats, the kinds of vulnerabilities, and the kinds of problems that organizations are facing today,” said Edward Schwartz, CSO of NetWitness. He recommends that risk be assessed in the context of the processes that utilize the data being protected. Sun Tzu suggests a five-point risk assessment approach.
1) The Way – refers to the culture of an organization. A risk assessment must examine the impact of values and behavior on the overall security posture. The behaviors that are incentivized by management priorities must be considered; they may focus on business expediency at the expense of security.
2) The Weather – refers to seasonal changes in organizational priorities. A risk assessment must take patterns of organizational behavior into account. This step in the process is facilitated by alliances with business stakeholders.
3) The Terrain – refers to the competitive and technological landscape both within and outside the organization. Most security professionals are engaged to evaluate external threats. The internal landscape, however, presents greater issues, obstacles, and opportunities of which we must be aware. Organizations must understand the nature of the data stored, processed, and transmitted by their infrastructure. The scope of a PCI DSS assessment, for example, is determined by the distribution of cardholder data within the network.
4) The Leadership – refers to those who promote the corporate goals and enable those goals through tactical and operational initiatives. We must assess what role those leaders will play in the PCI implementation and how they impact the overall risk posture. By understanding our end-client – the business – we can architect a control strategy, and supporting tactics, that address risk while supporting management priorities.
5) The Discipline – refers to the enforcement of security policies and procedures. A risk assessment must consider the human factors that enable threats.
About the Author: ANX – PCI DSS Compliance and Information Security Assessment



