Chapter 19

Requirement 12

Information Security Policies and Practices for PCI Compliance

The foundations of an enduring security practice rest on the organization’s policies, procedures, and risk-management framework. Most of what we have discussed in the rest of the book concerns operational and technical security. However, there must also be a binding frame that ensures good security practices are consistent, repeatable, and measurable. This chapter focuses on Requirement 12 of the PCI-DSS, which details the need for a binding security policy and operational security procedures. I will also explore an oft-forgotten but extremely important aspect of PCI compliance—risk assessment. We will understand how organizations should ...
