The Green Sheet Online Edition
December 10, 2012 • Issue 12:12:01
PCI SIG risk assessment guidance released
The PCI Security Standards Council (PCI SSC) recently released a set of best practices designed to help organizations assess and correct security vulnerabilities.
The supplement's objective is to help merchants, service providers, acquirers and issuers comply with the Payment Card Industry (PCI) Data Security Standard (DSS). The document was produced by the PCI Risk Assessment Special Interest Group (SIG), which included representatives from banks, retailers, security assessors and technology vendors.
The PCI DSS requires businesses to have a process for assessing threats to payment card data and vulnerabilities in their payment systems. This is in addition to requiring that businesses take certain steps to protect data and correct any vulnerabilities found.
A risk assessment helps companies to reduce exposure to data theft. The new PCI DSS Risk Assessment Guidelines Information Supplement offers guidance from members of more than 60 payments industry organizations.
A key focus area for stakeholders
"As there are a number of risk assessment methodologies out there, our stakeholders were looking for guidance on how to effectively apply these principles to their organizations to meet PCI requirements," said Bob Russo, General Manager of the PCI SSC. "As an open standards body, SIGs are one of the many ways we're able to tap into the brain trust that is our global community."
The supplement recommends that businesses formalize their risk assessment methodology in a simple way that accommodates their corporate culture and organizational requirements. It also urges businesses to implement risk assessment continuously so that threats and vulnerabilities are mitigated quickly.
The document additionally reminds businesses that implementing risk assessment doesn't relieve an organization of its duty to comply with the PCI DSS or other PCI standards. It also emphasizes formal training on risk assessment processes for risk assessors, to help them understand threats and vulnerabilities that could negatively impact their companies' systems.