PCI SSC issue risk assessment guidelines to assist with PCI DSS compliance

November 20, 2012

The Payment Card Industry Security Standards Council (PCI SSC) has issued new guidelines for organisations looking to assess their level of risk regarding payment card data security.

The PCI SSC is perhaps best known for establishing the Payment Card Industry Data Security Standard (PCI DSS), a set of best practice regulations for any retailer who accepts payment or credit card information from customers.

According to PCI SSC general manager Bob Russo, the new guidelines will help businesses determine an approach to vulnerability management that best suits their organisation.

"As there are a number of risk assessment methodologies out there, our stakeholders were looking for guidance on how to effectively apply these principles to their organisations to meet PCI requirements," said Mr Russo in a statement issued November 16.

"Through our community-driven SIG election process, our participating organisations selected this as a key focus area, and the result is a strong set of best practices to guide you through choosing the risk management approach that works best for your business."

In the official document, the PCI SSC note that the guidelines are not intended to replace or supersede any existing PCI DSS requirements.

Instead, they are intended to help organisations identify and evaluate any risks that may potentially have an effect on cardholder data security.

According to the PCI SSC, organisations should aim to implement a system of risk assessment that suits their individual culture and requirements.

Through this, they should then aim to consistently identify any new or emerging vulnerabilities as they arise, so that these can be corrected in a timely and proactive manner.

The PCI SSC is planning on releasing further guides focussing on ecommerce security and cloud computing early next year.
