© Jim Seaman 2020
J. Seaman, PCI DSS, https://doi.org/10.1007/978-1-4842-5808-8_6

6. Risk Management vs. Compliance – The Differentiator

Jim Seaman (1)
(1) Castleford, West Yorkshire, UK

Although the current version of the PCI DSS integrated security controls framework requires entities to implement an annual risk assessment process, in which critical assets, threats, and vulnerabilities are identified and the results analyzed and formally documented, this requirement is often treated as just one more tick-box control within the compliance program.

By restricting the risk assessment to your PCI DSS environment alone, you narrow your options for better safeguarding your payment card processes and operations.

Think of it like the analogy of trying to cross ...
