CHAPTER 4: STEP 4 – CONDUCT GAP ANALYSIS

This activity is the information-gathering and analysis part of the PCI project. It relies on interviewing staff and assimilating information from existing policies, processes and supporting procedures, and it includes a technical review of systems, including:

  • Network components, such as firewalls, switches, routers, wireless access points, network appliances and other security appliances.
  • Servers, including web, database, authentication, domain name service (DNS), mail, proxy and network time protocol (NTP) servers.
  • Applications, including all purchased and custom/bespoke applications, and internal and external (Web) applications.

Business process analysis and reviews must be conducted with security management and support ...

Get PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition now with the O’Reilly learning platform.