PCI Risk Assessment
PCI and Risk Assessment
• PCI DSS 2.0 puts new emphasis on formal risk assessment.
• Requirement 12.1.2 requires an annual, formal risk assessment process as part of PCI compliance, and points to established methodologies (OCTAVE, ISO 27005, NIST SP 800-30) as examples of how to structure it.
www.smart-ra.com
Requirement 12.1.2 of PCI 2.0
Requirement 12.1.2 is the clause that calls for a structured, formal risk assessment methodology. The text of the requirement reads:
• “Requirement 12.1 Establish, publish, maintain, and disseminate a security policy that accomplishes the following:
• Requirement 12.1.2 Includes an annual process that identifies threats, and vulnerabilities, and results in a formal risk assessment. (Examples of risk assessment methodologies include but are not limited to OCTAVE, ISO 27005 and NIST SP 800-30.)”
Risk Assessment – Milestone # 1
• In the Prioritized Approach to PCI DSS 2.0, the risk assessment requirement (12.1.2) is assigned to Milestone 1, the first set of controls an organization is expected to complete.
• Reference: https://www.pcisecuritystandards.org/documents/Prioritized_Approach_V2.0.pdf
What this Means
• Identifying and measuring risk is the foundational step of an organization's PCI compliance strategy: the risk assessment tells you which controls matter most for your cardholder data environment.
• Done properly, it makes the rest of the PCI compliance process more predictable and easier to evidence to an assessor.
However
• In most organizations this is not what happens in practice.
• Risk assessment is done in an unstructured manner that:
  – does not follow a clearly defined workflow
  – does not produce measurable, comparable findings
  – does not cover all risks
  – does not map the most effective controls to each risk
Find out More
• Attend a free webinar on how to do a PCI risk assessment correctly.
• Register before slots run out: https://www3.gotomeeting.com/register/992128830