Monday, November 19, 2012

PCI Risk Asses. Guideline

The PCI SSC has formally released one of 3 SIGs (Special Interest Groups) to be published in 2012 – the Risk Assessment Guidelines.

Until now, Risk Assessment has been one of the most obscured requirements, with no detail other than just "doing the RA". This SIG addresses just that and provides a much needed guidance about how to perform risk assessment as part of PCI compliance, what is the scope for the assessment, the relation to the card holder data environment, recommended methodologies, etc.
The final version of the document is included here: