CHAPTER 5: STEP 5 – CONDUCT RISK ANALYSIS
Before proceeding into the risk analysis step, it is worth clarifying what is meant by risk analysis and risk management. Risk management is concerned with identifying, quantifying and managing the risks that can exist in any given environment. The risks related to key processes, people and key IT services should be identified and recorded in a risk register. These risks then need to be quantified and a decision made as to whether any actions need to be taken.
For this reason, the process of identifying, addressing and managing PCI-related risks should be an integral part of every stage of the PCI consideration and compliance programme.
Risk can be defined as:
‘… the risk of direct or indirect loss resulting ...