What Are The Benefits of a PCI Assessment?
Perhaps the obvious answer is confidence and assurance that the cardholder data environment (CDE) is securely controlled. But there are also "spillover" benefits that many organizations see by performing PCI assessments through a Qualified Security Assessor (QSA). Organizations, and in particular their security, compliance, and risk management departments, have the opportunity to take the information security practices learned and adopted for the CDE and apply them throughout the rest of the organization, outside the CDE.
Here are some common areas, to name a few:
- Information security policies and procedures
- Risk assessments
- Intrusion detection
- Vulnerability scanning
- Penetration testing
- Secure application development
- Patching and vulnerability management
- System hardening procedures
- Cryptographic key management practices
- Daily operational security procedures
- Incident response
About the Author
Eric Sampson is a Manager at Schellman. Eric began his professional career in 2005 while working as an IT auditor in Philadelphia. Eric executed several critical projects for clients in the areas of information security and Service Organization Controls (SOC) reporting projects. To date, Eric has provided services to clients in the healthcare, information technology, and financial services industries, among others.