Many a times we encounter situations where we find that certain Information Security Policy requirements and considerations are not in line with the Global Security Best Practices and they actually are not in-line with the Global Standards to that effect. But, the major mistake that we make at such a point is to take into …
PCI-DSS and requirement of Risk Assessment have a very close relationship. In effect PCI-DSS has specified the requirement for an annual risk assessment as per the control 12.2 and has mentioned the requirement under guidance for requirement 10.6.2 and Testing Procedures for requirement 11.5. PCI-DSS requirement 12.2 establishes the requirement for implementing a risk assessment …
With PCI-DSS fast approaching its deadline for the compliance adherence, most of the organizations are putting their act together to meet the compliance requirements. But there lies a challenge to look for the right approach therein. The consultants/implementers/maintainers are often dwindling about what approach to take in this area. Various vendors are pitching for their …