Chapter 12. The Art of Compensating Control
Few payment security professionals can find a hotter Payment Card Industry Data Security Standards (PCI DSS) topic than compensating controls. They are often seen as a mythical compliance accelerator, used to push PCI compliance initiatives through to completion at minimal cost to your company and with little or no effort.
Compensating controls are challenging. They often require a risk-based approach that can vary greatly from one Qualified Security Assessor (QSA) to another. There is no guarantee that a compensating control accepted today will also work one year from now, and the evolution of the standard itself could render a previous control invalid.
The goal of this chapter is to paint a compensating control ...

From PCI Compliance, 2nd Edition.