PCI Risk Assessments – Why Is It Important?

April 28, 2014

The goal of PCI DSS is to reduce the risk of credit card breaches. That, however, is a broad statement intended to apply to any business model and security control set.

In order for an organization to effectively manage its own risk, it must complete a detailed risk analysis of its own environment. The goal of the risk analysis is for the organization to determine the threats to, and vulnerabilities in, the services it performs and the assets it holds. As part of a risk assessment, the organization should define its critical assets (including hardware, software, and sensitive information) and then determine risk levels for those components. This in turn allows the organization to prioritize its efforts to reduce risk. It is important to note that risks should be prioritized first for systems that will be in scope for PCI DSS, and then for other company systems and networks. The PCI Security Standards Council (SSC) and the PCI DSS requirements themselves provide a lot of guidance on scoping a PCI DSS environment, but this may be an area where the organization would want to contract with a QSA firm to validate the scope.
