CHAPTER 4: STEP 4 – CONDUCT GAP ANALYSIS
This activity is the information gathering and analysis part of the PCI project and relies on interviewing staff and assimilating information from existing policies, processes and supporting procedures and includes a technical review of systems, including:
- Network components, such as firewalls, switches, routers, wireless access points, network appliances and other security appliances.
- Servers, including: web, database, authentication, domain name service (DNS), mail, proxy, network time protocol (NTP).
- Applications such as all purchased and custom/bespoke applications, internal and external (Web) applications.
Business process analysis and reviews must be conducted with security management and support ...
Get PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.