108 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
regulations with the expected elements of a security program. Many regulations
provide only a baseline of minimum standards and protect a limited portion of
all sensitive assets (e.g., cardholder data). Your security risk assessment team may
determine that additions to the standards baseline are required.
Exercises
1. Discuss how cloud computing will aect the “obtaining proper permission”
process (see Section 4.1.3).
2. What are some examples of security controls that a low-cost e-commerce
business would choose not to implement that a premium business likely
would? Be specic.
3. Consider asset valuation techniques 5-7 (see Section 4.4.3.5). ...