Case Studies Illustrate Use of GAIT-R in PCI Environment
All organizations that accept or process payment cards are subject to the U.S. Payment Card Industry Data Security Standard (PCI DSS). A recent analysis of security breaches and forensics data, however, indicates that organizations are not correctly scoping the PCI environment, nor are they properly monitoring these systems according to PCI guidelines. Until these issues are corrected, data breaches will keep occurring, even though organizations have PCI compliance programs.

GAIT for Business and IT Risk (GAIT-R), part of the Guide to the Assessment of IT Risk (GAIT) series, is well suited for remedying this situation. To illustrate the application of GAIT-R in a PCI environment more concretely, The IIA has released a paper that walks the reader through the process step by step. "Case Studies of Using GAIT for Business and IT Risk to Scope PCI Compliance" examines two scenarios, documenting the thought process for scoping and substantiation of IT controls.

Download Case Studies of Using GAIT-R to Scope PCI Compliance (PDF, 400KB).