Monthly Archives: February 2009

Rolling the Dice on PCI standard

Here's a line you have heard many times: "but wait, don't look at this in black and white. You have to take a risk-based approach." We hear it all the time as QSAs. Sometimes there is a legitimate reason to take a sane, risk-based approach. In fact, the Council tells QSAs that PCI must be applied using a risk-based approach. That allows for some latitude in some areas, but it can create problems in others. Wait... problems? Why problems? There is no single, industry-wide risk model for measuring risk. This means each QSA is left to use their own discretion in how to measure and accept risk, which leads to variance in interpretation and to opinion shopping by companies hiring a QSA. ...
