top of page
©
Search

Some facts about the PCI DSS Standards & the way its being Assessed .

Updated: Oct 6, 2020

PCI DSS is for the environment processing , transmitting & storing Card Holder Data .


What if any of the business cannot mitigate a GAP , how do you tackle such problem as an Assessor ?


Work along with such Customer to define a Compensating control for the primarily deficient Control . Measure the risk level prior & post implementation of such control , if the risk has reduced to some level , to what level ? , is the risk now at the acceptable level ? . Implement additional control to monitor to ensure risk is mitigated to meet the base requirement . Ensure secondary controls together meet the rigor of primary control .


Having a Gap in the understanding on certain Technology or the Technical Controls leads to compromise on the quality of Assessment .


Yes absolutely , its very important for Assessor to develop the required minimum skills around the technology within the scope of the assessment to be one of those good Assessors/Auditors , this is one of biggest issue & the challenge right now in the Industry to be very straight & honest here . I personally have seen stories being written very far away from the requirement & the reality .

Even though the standards are very directive & descriptive in nature , but an Assessor should not just blindly follow it line by line , one need to apply the best of his skills & knowledge to be able to reason upon before drawing any conclusions .


Its very important for all of us to work towards bringing the best , to be able to create a world which is secure & safer for all . Keep working to follow continuous Improvement cycle process . I recommend to use Capability Maturity assessment Model on individuals first & then towards the teams & organisation to understand the GAP's to be able to move forward …..








23 views0 comments

Recent Posts

See All

802.11 Wi-Fi Architecture

Introduction Wireless networks often extend an existing wired infrastructure. The wired infrastructure may be quite complex to begin with, especially if it spans several buildings in a campus setting.

bottom of page