
PCI Case Studies of Using GAIT for Business and IT Risk (GAIT-R) to Scope PCI Compliance

  • 7/31/2019 PCI Case Studies of Using GAIT for Business and IT Risk (GAIT-R) to Scope PCI Compliance

    1/25

CASE STUDIES OF USING
GAIT FOR BUSINESS AND IT RISK
TO SCOPE PCI COMPLIANCE

ADVANCED TECHNOLOGY COMMITTEE


Case Studies of Using GAIT-R to Scope PCI Compliance

Case Studies of Using GAIT for Business and IT Risk (GAIT-R)
to Scope PCI Compliance

Authors:
Christine Bellino, Jefferson Wells
Christine Chaney, Continental Airlines
Gary Eymer, Marathon Oil Corporation
Eric Hannagan, Jefferson Wells
Gene Kim, Tripwire, Inc.
Norman Marks, SAP
Dave Myerson, Nike, Inc.
James Reinhard, Simon Property Group, Inc.
David Williams, JCPenney

External Contributors: Dorian Cougias, Unified Compliance Framework

The Institute of Internal Auditors, Advanced Technology Committee

Draft 12, September 16, 2008


Table of contents

I. PCI Compliance Problem Statement ... 1
II. The GAIT-R Methodology ... 2
  Document Structure ... 3
III. Scenario 1: Level 3 E-Commerce Merchant ... 4
  Background narrative for PCI compliance ... 4
  Step 1 Identify the business objectives for which the controls are to be assessed ... 5
  Step 2 Identify the key business controls required to provide reasonable assurance that the business objectives will be achieved ... 5
  Step 3 Identify the critical IT functionality relied upon, from among the key business controls ... 6
  Step 4 Identify the computing environment where cardholder data is transmitted, stored or processed where ITGCs need to be tested ... 6
  Step 5 Identify ITGC process risks and related control objectives ... 6
    Functionality 1 SSL libraries and HTTPS server provide encryption of data from the customer online form ... 7
    Functionality 2 SSL libraries encrypt cardholder data transmitted to the processor ... 8
    Functionality 3 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored ... 8
    Functionality 4 Needed cardholder data is stored securely and securely deleted ... 9
  Step 6 Identify the key ITGCs to test that address identified risk and related control objectives ... 10
    Functionality 1 SSL libraries and HTTPS server provide encryption of data from the customer online form ... 11
  Step 7 Perform a reasonable person holistic review of all key controls ... 11
  Step 8 Determine the scope of the review and build an appropriate design and effectiveness testing program ... 11
IV. Scenario 2: Level 1 Large Retailer ... 12
  Background narrative for PCI compliance ... 12
  Step 1 Identify the business objectives for which the controls are to be assessed ... 14
  Step 2 Identify the key business controls required to provide reasonable assurance that the business objectives will be achieved ... 14
  Step 3 Identify the critical IT functionality relied upon, from among the key business controls ... 14
  Step 4 Identify the computing environment where cardholder data is transmitted, stored or processed where ITGCs need to be tested ... 14
  Step 5 Identify ITGC process risks and related control objectives ... 15
    Functionality 1 SSL libraries encrypt cardholder data transmitted to the processor ... 15
    Functionality 2 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored ... 17
    Functionality 3 Needed cardholder data is stored securely and securely deleted ... 18
    Functionality 4 SSL libraries encrypt cardholder data prior to transmission ... 19
  Step 6 Identify the key ITGCs to test that address identified risk and related control objectives ... 21
    Functionality 1 SSL libraries encrypt cardholder data transmitted to the processor ... 21
  Step 7 Perform a reasonable person holistic review of all key controls ... 21
  Step 8 Determine the scope of the review and build an appropriate design and effectiveness testing program ... 21
V. Conclusion ... 22


I. PCI Compliance Problem Statement

All organizations that accept or process payment cards of any type are subject to the Payment Card Industry Data Security Standard (PCI DSS) and other relevant contractual obligations. The stated goal of the PCI DSS is to improve the security of global payment systems by protecting consumers, merchants and banks from credit information theft and loss and subsequent fraudulent activity.

Fundamental to correctly defining the PCI environment is the ability to properly document the information flow of where payment card data enters, transits, is processed, stored, and output while it is under the organization's control.

Analysis of security breaches and forensics data supplied by Verizon Business Systems[1] showed that at least 65% of all known cardholder data breach incidents occurred on systems that were not known to have contained cardholder data. Furthermore, in those organizations, 75% did not employ proper monitoring processes that would have enabled the organization to detect and respond to the security breach.

This clearly indicates that organizations are not correctly scoping the PCI environment, nor are they properly monitoring these systems according to PCI guidelines. Until these issues are corrected, data breaches will keep occurring, even though organizations have PCI compliance programs.

We have identified two courses of action that are required to remedy this:
1. Organizations must have tools to more accurately scope what IT systems are in the PCI environment; and
2. For those IT systems in scope, organizations must systematically and consistently identify the control objectives that enable the effective prevention of, detection of, and recovery from cardholder data security breaches.

The guidance for these courses of action can be found in GAIT for Business and IT Risk (GAIT-R).

[1] 2008 Data Breach Investigations Report: Four Years of Forensics Research, More Than 500 Cases, One Comprehensive Report, Verizon Business Systems


II. The GAIT-R Methodology

These two PCI compliance challenges of correct scoping and substantiation are very similar to those faced by organizations having to comply with Section 404 of the Sarbanes-Oxley Act of 2002 (SOX-404). These challenges led The Institute of Internal Auditors (IIA) to develop and publish the GAIT[2] Methodology in January 2007[3], which was designed to help organizations identify the IT general control process risks and related key controls that need to be included in the assessment of internal controls over financial reporting in their SOX-404 compliance efforts.

GAIT has been widely adopted by organizations, and has provided prescriptive guidance for management that is consistent with the guidance provided by the U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB).

In 2008, The IIA published GAIT-R, which extends the application of GAIT beyond financial reporting to business and IT risk, including compliance with laws and regulations and operations. GAIT-R provides a set of principles and a formal, top-down, structured reasoning approach for identifying and assessing all the controls, both IT and in the business, required to address business objectives, including those specific to the IT compliance requirements.

We believe that the GAIT-R methodology can be applied to correctly scope PCI environments where credit card processing occurs. GAIT-R is a framework that helps organizations move from a compliance checklist mentality to a holistic, top-down, and risk-based approach to all activities in the IT control environment. Similarly, GAIT-R could be applied for any other compliance objective: e.g., HIPAA, FISMA, GLBA, etc.

Ideally, GAIT-R will be used to integrate PCI compliance efforts with other regulatory requirements, such as SOX-404, HIPAA, etc., and specify when we can rely on testing done for other compliance efforts. Among the outcomes would be reduced risk, an enhanced control environment, as well as the reduction of unnecessary testing and compliance costs.

GAIT-R is based on four principles:

Principle 1: The failure of technology is only a risk that needs to be assessed, managed, and audited if it represents a risk to the business.

Principle 2: Key controls should be identified as the result of a top-down assessment of business risk, risk tolerance, and the controls (including automated controls and IT general controls) required to manage or mitigate business risk.

Principle 3: Business risks are mitigated by a combination of manual and automated key controls. In order to assess the system of internal control to manage/mitigate business risks, key automated controls need to be assessed.

Principle 4: IT general controls may be relied upon to provide assurance of the continued and proper operation of automated key controls.

Principle 4a: The IT general control (ITGC) process risks that need to be identified are those that affect critical IT functionality in significant applications and related data.

Principle 4b: The ITGC process risks that need to be identified exist in processes and at various IT layers: application program code, databases, operating systems, and network.

Principle 4c: Risks in ITGC processes are mitigated by the achievement of IT control objectives, not individual controls.

[2] GAIT stands for Guide to the Assessment of IT General Controls Scope Based on Risk (GAIT).
[3] The GAIT Methodology, The Institute of Internal Auditors, January 2007 (http://www.theiia.org/guidance/technology/gait/)


The GAIT-R methodology comprises eight steps:

1. Identify the business process and objectives for which the controls are to be assessed
2. Identify the key business controls required to provide reasonable assurance that the business objectives will be achieved
3. Identify the critical IT functionality relied upon, from among the key business controls
4. Identify the significant applications where ITGCs need to be tested[4]
5. Identify ITGC process risks and related control objectives
6. Identify the key ITGCs to test that address identified risk and related control objectives
7. Perform a reasonable person holistic review of all key controls
8. Determine the scope of the review and build an appropriate design and effectiveness testing program

Document Structure

In the remainder of this document, we provide two case studies of applying GAIT-R to PCI compliance. The first is a simple e-commerce environment supporting a $100M revenue organization, and the second is a more complex retail environment, supporting a 1000 store, $10B revenue organization.

In each scenario, we walk through the GAIT-R Methodology, documenting the thought process for scoping and substantiation of IT controls.

[4] For purposes of PCI compliance, this GAIT-R step is best defined as the identification of the PCI computing environment where cardholder data is transmitted, stored or processed where ITGCs need to be tested (e.g., this includes applications, databases, operating systems, network devices, and so forth).


III. Scenario 1: Level 3 E-Commerce Merchant

Background narrative for PCI compliance

Level 3 Merchant Inc. is a $50M privately held company that sells consulting services and intellectual property over an e-commerce site, in addition to its traditional off-line channels. The site is managed in-house by a three-person IT staff handling order entry and processing (e.g., the accepting and processing of credit card payments). The e-commerce site has been steadily growing for the past few years and was responsible for over $5M in revenue last year.

The site accepts approximately 100 transactions per day that are processed by one acquiring bank.

The front-end order entry application is the DolphinCart shopping cart, which is part of the e-commerce site. It is run by a Drupal Web server and the blog engine, which handles all customer encryption sessions, which depends on Secure Sockets Layer (SSL) libraries in the operating system (OS).

The front end application is located in a secure network zone (demilitarized zone or DMZ), which receives customer cardholder data, including the primary account number (PAN), expiration date, and the customer validation code (CVC or three-digit code on the back of the card). The cardholder data is then encrypted and transmitted over an SSL session to the processor (payment gateway) for authorization. An approval code is received by the application from the payment gateway.

The application performs authorization transactions in real-time (i.e., no batch jobs store cardholder data), that sends the data to the Processor to complete the transactions for that business day.

[Figure: Scenario 1 Example Diagram]


A portion of the encrypted cardholder data is stored locally in a mySQL database (located on a secure network zone on the internal network). All but the last 4 digits of the PAN are truncated by the application, which transforms the data so that it is no longer considered cardholder data. The last 4 digits, approval code, expiration date, customer name, and transaction amount are stored in the database.

The OS is Red Hat Linux. Company IT staff manages the application and the OS. The hosting company manages the networks and firewalls.

In summary, the cardholder data is stored, processed, or transmitted as follows:

- Data is stored in the mySQL database.
- Data is transmitted:
  o Local network within the data center
  o Wide area network (Internet) to the credit card processor, transiting through two firewalls
  o Encryption functionality provided by the SSL libraries in the OS
- Data is processed by a processor (payment gateway):
  o Authorization is performed by the payment gateway
  o Approval is received by the application from the payment gateway
  o Settlement transactions are performed online
- Back office:
  o The accounting staff has access to the acquiring bank/processor e-commerce Web site in order to perform account reconciliation. Accounting staff can access full credit card transaction information, but no prohibited cardholder data is stored.
  o Customer service has access to the database in order to perform charge backs or refunds. The customer must provide a credit card number to receive a refund.

The cardholder data environments are segmented into secure network zones, and do not transit the corporate network[5]. All transmissions carrying cardholder data are encrypted using SSL.

Step 1 Identify the business objectives for which the controls are to be assessed

For the purpose of this case study, we are only considering the business objectives specific to PCI DSS compliance. We recognize that there are other business objectives for this process (e.g., completeness and accuracy of the approval process), but these are omitted for clarity.

The PCI DSS compliance objective is:

Process credit card transactions securely, according to PCI DSS requirements.

Step 2 Identify the key business controls required to provide reasonable assurance that the business objectives will be achieved

Control 1 All transmitted cardholder data from the customer is encrypted consistent with PCI standards (i.e., front-end order entry, online form)

Control 2 All cardholder data is encrypted prior to transmission to the credit card processor consistent with PCI standards (i.e., authorization and settlement process)

[5] For scoping a PCI engagement, any device or network that is involved with the transmission, storage, or processing is in-scope for the PCI environment and assessment. The first step in defining the cardholder data environment (CDE) is to define how the transaction is performed to include transmission, storage, and processing of cardholder data. If a network is flat, then every device, server, workstation, etc. on the network is included in scope for the CDE.


Control 3 No prohibited cardholder data is stored (i.e., storage of CVV[6], AV2 in paper, system logs, data warehouse, etc.)

Control 4 All stored cardholder data remains secure (i.e., storage of CVV, AV2 in paper, system logs, data warehouse, etc.)

Because of the automated nature of how orders are processed, there are no manual key controls.

GAIT-R requires the identification of all controls, including entity-level controls[7]. However, PCI DSS compliance does not require the review of entity-level controls.

Step 3 Identify the critical IT functionality relied upon, from among the key business controls

Functionality 1 SSL libraries and HTTPS server provide encryption of data from the customer online form

Functionality 2 SSL libraries encrypt cardholder data transmitted to the processor

Functionality 3 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored

Functionality 4 Needed cardholder data is stored securely and securely deleted

Step 4 Identify the computing environment where cardholder data is transmitted, stored or processed where ITGCs need to be tested[8]

Functionality, with the IT systems that deliver the IT functionality:
- Functionality 1 SSL libraries and HTTPS server provide encryption of data from the customer online form: DolphinCart application; Red Hat OS
- Functionality 2 SSL libraries encrypt cardholder data transmitted to the processor: DolphinCart application; Red Hat OS
- Functionality 3 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored: DolphinCart application
- Functionality 4 Needed cardholder data is stored securely and securely deleted: DolphinCart application; mySQL database; Red Hat OS; Network

Step 5 Identify ITGC process risks and related control objectives

In this step, for each critical IT functionality being relied upon, we identify the risks and related control objectives for the following three areas: change/configuration, access, and operations. Questions to ask for each area are:

[6] Prohibited cardholder data is defined by PCI to be any personally identifiable information (PII) associated with a cardholder: Primary Account Number (PAN) that includes expiration date, cardholder name and address, CVV (Card Verification Values) or CVC, Card track data (magnetic stripe).
[7] Examples of entity-level controls include code of conduct being actively communicated, a whistleblower line that enables employees to report violations of cardholder privacy, adequacy of staffing to ensure that personnel performing PCI-related activities are trained and experienced, an understanding of current PCI compliance requirements and a mechanism that is triggered on changes, and so forth.
[8] As described in the paper introduction, this is an adaptation of GAIT-R Step 4, which originally read "identify the significant applications where ITGCs need to be tested".


Q1: What must be configured? (includes code, settings, and security settings)
Q2: What access restrictions must be set? (e.g., physical, logical, separation of duty)
Q3: What must be operationally put into place? PCI specifically refers to the following:
- Planned activities such as secure backups, vulnerability management and patching, review of logs, and security awareness training
- Unplanned activities such as exception handling, incident/problem management, security incident handling

Functionality 1 SSL libraries and HTTPS server provide encryption of data from the customer online form

The table below lists only the ITGC risks that have been identified that jeopardize the functionality.

Change/configuration risks:
Untested or unauthorized change results in cardholder data exposure (e.g., encryption, access controls, configurable settings)
- Application: Untested or unauthorized SSL functionality via the .htaccess file could be disabled in the application, resulting in cardholder data exposure
- Database: n/a. There is no database for the front-end order entry systems
- OS: SSL functionality could be disabled in the OS libraries, resulting in cardholder data exposure (patch creates vulnerability)
- Network: n/a. No encryption functionality resides in the network, as all encryption is done end-to-end
ITGC control objective: Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes; Database: no; OS: yes; Network: no

Access risks:
Unauthorized access to front-end order entry systems results in cardholder data exposure. For example, unauthorized access to accounts is gained that access cardholder data or decryption keys (e.g., administrative accounts, order entry accounts, etc.)
- Application: Unauthorized use of administrative, order entry, and service accounts results in cardholder data exposure
- Database: n/a. There is no database for the front-end order entry systems
- OS: Unauthorized use of administrative accounts results in cardholder data exposure
- Network: n/a. Unauthorized access to firewalls/networks is unlikely to cause exposure to cardholder data (i.e., all data is encrypted)
ITGC control objective: All created accounts are authorized, existing accounts are owned by authorized personnel, and revoked appropriately:
Application: yes; Database: no; OS: yes; Network: no; Physical data center access: no (Level 3 Merchant Inc. is not responsible, but their hosting provider will have to show that they restrict access to authorized personnel)


- Physical data center access: Servers are in a third-party data center (which must ensure that unauthorized physical access to servers/networks that could result in exposure of cardholder data is controlled)

Operational risks:
Application and OS vulnerabilities could be exploited, resulting in cardholder data exposure
- Application: New vulnerabilities could result in cardholder data exposure
- Database: n/a. There is no database
- OS: New vulnerabilities could result in cardholder data exposure
- Network: Network vulnerabilities are unlikely to result in cardholder data exposure
Exposure to cardholder data is unlikely to occur due to failures in logging, unless someone makes a change that disables encryption
ITGC control objective: Vulnerability assessments are conducted periodically to prevent exposure of cardholder data:
Application: yes; Database: no; OS: yes; Network: no

Functionality 2 SSL libraries encrypt cardholder data transmitted to the processor

This functionality resides in the authorization and settlement process. The processor transmission risks are similar to the customer transmission risks, shown in Functionality 1.

Functionality 3 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored

This functionality resides in the back-end processes, such as customer support and accounting, but we have already verified that no prohibited cardholder information resides in the front-end systems.

Change/configuration risks:
Code or configuration changes (e.g., configuration change, turning on debug logging) could result in prohibited cardholder information being stored
- Application: Code or configuration settings are changed causing storage of prohibited information
- Database: Code or configuration settings are changed causing storage of prohibited information
ITGC control objective: Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes; Database: yes; OS: no; Network: no


- OS: n/a. No change at the OS layer is likely to cause storage of prohibited data
- Network: n/a. No change at the network layer is likely to cause storage of prohibited data

Access risks:
Because we've already established and verified that no prohibited data is being stored in the front-end or back-end systems, unauthorized access to these systems is unlikely to result in storage of prohibited cardholder data (i.e., there must first be a change)[9]
Application: n/a; Database: n/a; OS: n/a; Network: n/a
ITGC control objective: All created accounts are authorized, existing accounts are owned by authorized personnel, and revoked appropriately:
Application: no; Database: no; OS: no; Network: no

Operational risks:
There is no offline mode that could cause storage of prohibited data. Failures in operational procedures, such as vulnerability management and secure logging, are also unlikely to cause storage of prohibited data
Application: n/a; Database: n/a; OS: n/a; Network: n/a
ITGC control objective: n/a
Application: no; Database: no; OS: no; Network: no

Functionality 4 Needed cardholder data is stored securely and securely deleted

This functionality resides in the back-end processes, such as customer support and accounting (i.e., we have already verified that no prohibited cardholder information resides in the front-end systems).

Change/configuration risks:
In this scenario, there is no stored prohibited cardholder data (i.e., all but last 4 digits of PAN have been truncated)
ITGC control objective: Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:

[9] Access risks will be the same for Functionality 3 and Functionality 4


Change/configuration risks (continued):
- Application: Code or configuration settings are changed, causing storage of prohibited data
- Database: n/a. Functionality to truncate PAN resides in the application, not the database
- OS: n/a. Changes to the OS are unlikely to result in storage of cardholder data
- Network: n/a. Changes to the OS are unlikely to result in storage of cardholder data
Application: yes; Database: no; OS: no; Network: no

Access risks:
Because we're truncating the PAN, there is no cardholder data being stored. Therefore, unauthorized access to these systems will not expose cardholder data (there must first be an unauthorized change)[10]
Restricted access risks (provisioning, ongoing monitoring, secure the backdoor):
Application: n/a; Database: n/a; OS: n/a; Network: n/a
ITGC control objective: All created accounts are authorized, existing accounts are owned by authorized personnel, and revoked appropriately:
Application: no; Database: no; OS: no; Network: no

Operational risks:
There is no offline mode that could cause storage of cardholder data. Failures in operational procedures, such as vulnerability management and secure logging, are also unlikely to cause storage of prohibited cardholder data
Application: n/a; Database: n/a; OS: n/a; Network: n/a
ITGC control objective: None
Application: no; Database: no; OS: no; Network: no

Step 6 Identify the key ITGCs to test that address identified risk and related control objectives

Step 6 is left as an exercise for the adopter of this methodology. As an example, we show the ITGCs in support of Functionality 1 for change management.

[10] Access risks will be the same for Functionality 3 and Functionality 4


Functionality 1 SSL libraries and HTTPS server provide encryption of data from the customer online form

ITGC objective: Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production (Application: yes; Database: no; OS: yes; Network: no)

ITGC controls:
- All changes to the application and OS are recorded on a change form and approved by management
- All authorized changes are tested prior to implementation
- A separate IT environment for production and non-production is maintained
- A periodic review is performed to ensure that undocumented changes are investigated
- and so forth

Step 7 Perform a reasonable person holistic review of all key controls

Step seven is intended for the adopter to perform a reasonable person review of the risks, control objectives, and the controls identified as a result of applying this methodology. It is intended that the review includes a look at the overall PCI DSS compliance risk of the company to evaluate for the possibility that a key risk was overlooked. Evaluating any prior risk and control review reports may be included as a part of this assessment.

At this point, we have identified 1) the critical IT functionality and 2) where we have reliance on ITGCs.

They are as follows:

Summary GAIT Matrix for combined Functionalities 1-4:

Layer                    Change/Configuration   Operations   Security/Logical Access
Application              Yes                    Yes          Yes
Database                 Yes
Operating system         Yes                    Yes          Yes
Network/infrastructure

    Uqfr 7 Afqfsmklf qgf ueirf ij qgf sfzkfw dla cvk`a dl drrsirskdqf afukol dlafjjfeqkzflfuu qfuqklo rsiosdm

    Qgku ku `fjq du dl ffsekuf jis qgf ODKQ-S dairqfs ji``iwklo qgf isodlk~dqkilu qfuqklo mfqgiai`iokfu dlajismdq


IV. Scenario 2: Level 1 Large Retailer

Background narrative for PCI compliance

Large Level 1 Inc is a publicly traded, medium-sized grocery chain that reported $10B in revenue last year. The company processes over 6,000,000 transactions per year and as a result is a Level 1 merchant.

As such, it has to comply with the following PCI requirements as of September 30, 2004:

- An annual on-site security audit validated by an independent security assessor, or by internal audit if signed by an officer of the company.
- Quarterly network scans completed by a qualified independent scan vendor.

The company has 1000 stores, with approximately 20 point of sale (POS) systems/devices at each location. The retail stores are the only channel to the consumer (i.e., no e-commerce operations).

The stores' POS setup consists of a combination of scanned check-out and self-service counters. The POS systems and devices are connected to an on-site back-end server which collects credit card data. Each store has about five servers, which are all connected to the corporate authorization servers via leased lines and satellite, where card authorization and settlement are performed.

All data transferred from the stores to corporate servers is encrypted. The corporate authorization server transmits the encrypted credit card information to the bank for authorization. Authorization from the bank is returned encrypted to the corporate authorization server and then forwarded on to the specific store server for execution. Once authorization has been confirmed, the POS system and store server delete all prohibited data. Credit card numbers and consumer names are encrypted and retained for seven days on the store server for processing refunds.

In the event of system or network failures, transactions can be processed offline, including manually, where signed physical imprints are manually entered into the system. Once entered into the system, the signed receipt is retained, and the physical imprint is securely shredded.

There is a small wireless network in each store which connects handheld inventory counting tools to the POS system. The in-store systems are supported by one technical person on site. All system changes, enhancements, or fixes are managed by the corporate IT staff at HQ.

The POS systems are commercially supported and have been validated as PCI-compliant. This is a card-present environment. At each POS station, consumers will either swipe their credit card and the signature is scanned electronically, or the consumer will sign a carbon paper imprint.

In online authorization mode (normal operation): All cardholder data is sent from the POS station to the store servers, where non-prohibited cardholder data is stored (to support refunds). Cardholder data is sent to the corporate back-end systems where authorization and settlement are performed, and cardholder data is stored for seven days (to support refunds and sales reconciliation).

In offline authorization mode (e.g., store or company loses connectivity to the processor): All cardholder data is sent from the POS station to the store servers. They then get an approval code from the back-office system, and store servers will store cardholder data (including the full PAN, which is encrypted by the in-store servers) until either authorization is obtained or 24 hours elapse, at which point the cardholder data is securely purged.


In manual mode (e.g., store systems are down): All consumer transactions are done manually, generating physical imprints. Then store personnel will manually enter the transactions when the store systems are back up again.
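The three modes above amount to a retention rule the store server has to enforce: in offline mode the encrypted full PAN may be held until authorization or for at most 24 hours, and after authorization only the data needed for refunds is kept, for seven days. The following is an added example, not the paper's material and not the POS vendor's software: a Python model of those two clocks with an injected time source, so the exact 24-hour and 7-day boundaries can be exercised. The class, its field names, and the choice to keep only the last four digits of the PAN in the refund record (following Functionality 2 later in this scenario) are assumptions; the PAN ciphertext is treated as opaque bytes produced elsewhere.

```python
from datetime import datetime, timedelta

# Retention limits taken from the Scenario 2 narrative.
OFFLINE_HOLD = timedelta(hours=24)     # encrypted full PAN, offline mode only
REFUND_RETENTION = timedelta(days=7)   # name and truncated PAN, for refunds


class StoreServerRetention:
    """Enforces what a store server may hold and for how long.

    Assumed model, not the paper's software: the PAN ciphertext is opaque bytes
    produced by the POS application; this class only runs the two clocks and
    never sees a plaintext PAN beyond its last four digits.
    """

    def __init__(self, now: datetime):
        self.now = now
        self.offline = {}   # txn_id -> record holding the encrypted full PAN
        self.refunds = {}   # txn_id -> record holding name and last four digits

    def advance(self, delta: timedelta) -> None:
        """Injected clock so the 24 h and 7 d boundaries can be exercised."""
        self.now += delta

    def capture_offline(self, txn_id: str, pan_ciphertext: bytes,
                        pan_last4: str, name: str) -> None:
        """Offline mode: the full PAN (encrypted) is held until authorization."""
        self.offline[txn_id] = {"pan_ciphertext": pan_ciphertext,
                                "pan_last4": pan_last4, "name": name,
                                "captured_at": self.now}

    def authorize(self, txn_id: str) -> None:
        """Authorization obtained: drop the full PAN, keep the refund record."""
        rec = self.offline.pop(txn_id)
        self.refunds[txn_id] = {"pan_last4": rec["pan_last4"],
                                "name": rec["name"],
                                "authorized_at": self.now}

    def overdue_offline(self) -> list:
        """Assessor's check: full PANs still present at or past the 24 h window."""
        return sorted(t for t, r in self.offline.items()
                      if self.now - r["captured_at"] >= OFFLINE_HOLD)

    def purge(self) -> dict:
        """Apply both clocks; returns the transaction ids removed from each store."""
        gone_offline = self.overdue_offline()
        for t in gone_offline:
            del self.offline[t]      # the encrypted full PAN is gone from the server
        gone_refunds = sorted(t for t, r in self.refunds.items()
                              if self.now - r["authorized_at"] >= REFUND_RETENTION)
        for t in gone_refunds:
            del self.refunds[t]
        return {"offline": gone_offline, "refunds": gone_refunds}
```

purge() is what a scheduled job on the store server would run; overdue_offline() is the assessor-side check that nothing past the window is still present, which is exactly the condition the Functionality 2 and 3 risks below turn on.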

[Scenario 2 Example Diagram: leased line connection to corporate]

POS systems:
- Vendor supported application
- Windows CE systems
- No local storage, except for configuration settings and memory

Store servers:
- Active Directory domain controller (primary and secondary)
- POS application
- Microsoft SQL Server database
- Microsoft Windows 2003
- Routers and VPN connected to the leased line to corporate systems
- Wireless LAN supporting wireless scanners for inventory

The wireless LAN resides on the same network as the store systems, to support connectivity to the inventory management systems.

Store servers are physically secure, to prevent someone from physically stealing the systems and data.


Step 1 Identify the business objectives for which the controls are to be assessed

For the purpose of this case study, we are only considering the business objectives specific to PCI DSS compliance. We recognize that there are other business objectives for this process (e.g., completeness and accuracy of the approval process), but these are omitted for clarity.

The PCI DSS compliance objective is: Process credit card transactions securely, according to PCI DSS requirements.

Step 2 Identify the key business controls required to provide reasonable assurance that the business objectives will be achieved

Control 1 All cardholder data is encrypted prior to transmission to the credit card processor, consistent with PCI standards (i.e., authorization and settlement process).
Control 2 No prohibited cardholder data is stored (i.e., storage of CVV, AV2 in paper, system logs, data warehouse, etc.).
Control 3 All stored cardholder data remains secure (i.e., storage of CVV, AV2 in paper, system logs, data warehouse, etc.).
Control 4 All cardholder data transmitted between company systems is encrypted, consistent with PCI standards (i.e., between store systems and to the corporate servers).

The presence of an offline transaction mode and physical imprints requires manual controls (e.g., required offline mode procedures, batch controls such as closeout, secure physical storage, training to protect physical imprints, etc.).

GAIT-R requires the identification of all controls, including entity-level controls, such as a regional store manager doing daily inspections that physical imprints are protected. However, PCI DSS compliance does not require the review of entity-level controls.

Step 3 Identify the critical IT functionality relied upon, from among the key business controls

Functionality 1 SSL libraries encrypt cardholder data transmitted to the processor
Functionality 2 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored
Functionality 3 Needed cardholder data is stored securely and securely deleted
Functionality 4 SSL libraries encrypt cardholder data prior to transmission

Step 4 Identify the computing environment where cardholder data is transmitted, stored or processed, where ITGCs need to be tested [11]

Functionality / The IT systems that deliver the IT functionality:

Functionality 1 SSL libraries encrypt cardholder data transmitted to the processor
  Store servers: Front-end POS application; Windows 2003 OS
  Corporate servers: Back-end POS application; Windows 2003 OS

[11] As described in the paper introduction, this is an adaptation of GAIT-R Step 4, which originally read "identify the significant applications where ITGCs need to be tested".


Functionality 2 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored
  Store servers: POS application; Windows 2003 OS

Functionality 3 Needed cardholder data is stored securely and securely deleted
  Store servers: POS application; SQL Server database; Windows 2003 OS
  Corporate servers: Back-end POS application; Windows 2003 OS; Network

Functionality 4 SSL libraries encrypt cardholder data prior to transmission
  Store servers: Front-end POS application; Windows 2003 OS
  Corporate servers: Back-end POS application; Windows 2003 OS

Step 5 Identify ITGC process risks and related control objectives

In this step, for each critical IT functionality being relied upon, we identify the risks and related control objectives for the following three areas: change/configuration, access, and operations. Questions to ask for each are:

Q1: What must be configured? (includes code, settings, and security settings)
Q2: What access restrictions must be set? (e.g., physical, logical, separation of duty)
Q3: What must be operationally put into place? PCI specifically refers to the following:
- Planned activities such as secure backups, vulnerability management and patching, review of logs, and security awareness training
- Unplanned activities such as exception handling, incident/problem management, security incident handling

Functionality 1 SSL libraries encrypt cardholder data transmitted to the processor

For this step, we are only considering the front-end order entry system and the corporate back-end servers. This will bring into scope the within-store traffic (where encryption is provided by the application or OS) and traffic to the corporate servers (where encryption is provided by the VPN network).

Change/configuration risks:
Untested or unauthorized change results in cardholder data exposure (e.g., encryption, access controls, configurable settings).
Application: Code or configuration changes to the POS application could disable encryption, resulting in cardholder data exposure.
Database: n/a. There is no database for the front-end order entry systems.
OS: SSL functionality could be disabled in the OS libraries, resulting in cardholder data exposure.
Network: The VPN provides end-to-end encryption, and could be disabled, disabling encryption.

ITGC control objective:
Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes  Database: no  OS: yes  Network: yes

Access risks:
Unauthorized access to systems is unlikely to result in unencrypted cardholder data being exposed (unless there is a change).
Application: n/a  Database: n/a  OS: n/a
Network: n/a. Unauthorized access to firewalls/networks is unlikely to cause exposure of cardholder data.
Physical data center access: n/a

ITGC control objective:
All created accounts are authorized, existing accounts are owned by authorized personnel, and accounts are revoked appropriately.
Application: no  Database: no  OS: no  Network: no

Operational risks:
Application and OS vulnerabilities could result in cardholder data exposure.
Application: New vulnerabilities could result in cardholder data exposure.
Database: n/a. There is no database.
OS: New vulnerabilities could result in cardholder data exposure.
Network: Because data is encrypted before transmission, even new vulnerabilities in the corporate VPN are unlikely to result in cardholder data exposure.
Exposure of cardholder data is unlikely to occur due to failures in logging, unless someone makes a change that disables encryption.

ITGC control objective:
Vulnerability assessments are conducted periodically to prevent exposure of cardholder data.
Application: yes  Database: no  OS: yes  Network: no


Functionality 2 All but the last four digits of the PAN are truncated prior to storage and the CVV/CVC is never stored

This functionality primarily resides in the store servers, which ensure that cardholder data is purged after credit card authorization. Corporate servers receive information with no prohibited cardholder information.

Change/configuration risks:
Encrypted PAN data can be stored for up to 24 hours in offline settlement mode, all encrypted by the application. The risk is that a change in the application disables encryption or enables logging of prohibited information.
Application: Code or configuration settings are changed that disable encryption.
Database: n/a. Functionality to truncate the PAN resides in the application, not the database.
OS: n/a. Changes to the OS are unlikely to result in storage of cardholder data.
Network: n/a. Changes to the network are unlikely to result in storage of cardholder data.

ITGC control objective:
Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes  Database: no  OS: no  Network: no

Access risks:
Unauthorized access risks in the following areas could expose cardholder data:
Application: Application access could expose encrypted information.
Database: n/a  OS: n/a  Network: n/a

ITGC control objective:
All created accounts are authorized, existing accounts are owned by authorized personnel, and accounts are revoked appropriately.
Application: yes  Database: no  OS: no  Network: no

Operational risks:
Backups of the store servers that contain encrypted cardholder data could be stolen or copied, but this is unlikely to result in exposure of cardholder data. [12]
There are no other operational procedures where failures are likely to cause storage of cardholder data (e.g., vulnerability management, secure logging).
Application: n/a  Database: n/a  OS: n/a  Network: n/a
Physical: n/a (physical tapes may be stolen, but encryption makes it unlikely to result in cardholder data exposure).

ITGC control objective:
Cardholder data is backed up.
Application: no  Database: no  OS: no  Network: no
Physical: The data center is locked (the storage closet is locked) to protect the encryption key.

[12] If backup tapes are stolen, card issuers may define this as a breach and require an investigation. However, this is different from a data compromise or data loss, which is the risk that was evaluated in this example.

Functionality 3 Needed cardholder data is stored securely and securely deleted

This functionality resides in the back-end processes, such as the data warehouse (i.e., we have already verified that no prohibited cardholder information resides in the front-end systems).

There are two areas that we want to inspect: the in-store servers (which purge prohibited information) and the corporate servers (which receive information from the store servers). In other words, the corporate server receives information with no prohibited cardholder information.

The high risk areas we identify are:
- A store server is not correctly purging prohibited data after credit card authorization (due to a code change, or debugging being turned on).
- Store servers purge prohibited data, but still contain cardholder names and primary account numbers (PAN) for seven days. If this information is compromised, then this constitutes a PCI breach.
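The change risks in Functionality 2 and 3 above (a code change or debug logging that writes the full PAN or a verification value to the store server) are the kind of condition a scoping review should be able to test directly rather than infer from change tickets. The following is an added example, not material from the paper or from the POS vendor: a small Python check that applies the Functionality 2 rule to a transaction record before it is stored, and scans log lines for a full Luhn-valid PAN or a CVV/CVC field. The sample log lines are constructed, and the field names and regular expressions are assumptions about what such logs look like.

```python
import re

# Constructed sample lines (not from the paper): what a store server might log
# after an unauthorized change turned on debug output for the payment path.
SAMPLE_LOG = """\
2008-09-16 10:01:02 INFO  auth ok store=0412 lane=07 pan=************1111 amt=42.10
2008-09-16 10:01:05 DEBUG raw request: pan=4111111111111111 exp=1210 cvv=123 name=J DOE
2008-09-16 10:01:05 DEBUG raw request: pan=5500000000000004 cvv2=456
2008-09-16 10:02:11 INFO  offline queue depth=3 ticket=1234567890123456
"""

# Candidate PAN: 13-19 digits not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")
# Card verification value fields under the names such logs commonly use (assumed).
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)
PROHIBITED_FIELDS = {"cvv", "cvv2", "cvc", "cvc2", "cid"}


def luhn_ok(digits: str) -> bool:
    """Luhn check, used to separate real PANs from ticket numbers and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Functionality 2: keep only the last four digits."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def sanitize_for_storage(txn: dict) -> dict:
    """Return the subset of a transaction record the store server may keep:
    PAN truncated, verification value never written."""
    kept = {k: v for k, v in txn.items() if k.lower() not in PROHIBITED_FIELDS}
    if "pan" in kept:
        kept["pan"] = truncate_pan(kept["pan"])
    return kept


def find_prohibited(log_text: str) -> list:
    """Scan log lines for a full (Luhn-valid) PAN or a CVV/CVC value.
    Returns one finding per offending line; PANs are reported truncated so the
    finding itself does not become prohibited data."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        pans = [m for m in PAN_RE.findall(line) if luhn_ok(m)]
        has_cvv = CVV_RE.search(line) is not None
        if pans or has_cvv:
            findings.append({"line": lineno,
                             "pans": [truncate_pan(p) for p in pans],
                             "cvv": has_cvv})
    return findings


if __name__ == "__main__":
    for f in find_prohibited(SAMPLE_LOG):
        print(f"line {f['line']}: pans={f['pans']} cvv={f['cvv']}")
```

Against the constructed sample, only the two DEBUG lines are flagged: the masked PAN on the INFO line is too short to match, and the 16-digit ticket number fails the Luhn check, which is what keeps a scan like this from drowning in false positives on real store logs.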

Change/configuration risks:
Code or configuration changes (e.g., a configuration change, turning on debug logging) to the store servers could result in prohibited cardholder information being stored.
Application: Code or configuration settings are changed, causing storage of prohibited information.
Database: Code or configuration settings are changed, causing storage of prohibited information.
OS: n/a. No change at the OS layer is likely to cause storage of prohibited data.
Network: n/a. No change at the network layer is likely to cause storage of prohibited data.

ITGC control objective:
Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes  Database: yes  OS: no  Network: no
(Changes to the application and database will reside in the HQ change control and SDLC processes, which authorize and schedule changes to store servers.)

Access risks:
Because we have already established and verified that no prohibited cardholder data is being stored in the store servers during the 24-hour offline window, unauthorized access to these systems is unlikely to expose prohibited cardholder data. (There must first be an unauthorized change.)
Because we are using a PCI-validated application, the cardholder names and PAN are encrypted by the application. The risk of disclosure of data is low, even if there is physical theft of the store server, or the data is copied, because the physical decryption key is required.
Application: Because the application can decrypt prohibited cardholder data (with the appropriate account and presence of the physical key), unauthorized access to the application can result in exposed cardholder data (e.g., running a report, executing code, etc.).
Database: n/a  OS: n/a  Network: n/a

ITGC control objective:
All created accounts are authorized, existing accounts are owned by authorized personnel, and accounts are revoked appropriately.
Application: yes  Database: no  OS: no  Network: no

Operational risks:
There is an offline mode that requires storage of the encrypted PAN for 24 hours. Failures in operational procedures, such as vulnerability management and secure logging, are also unlikely to cause storage of prohibited data.
Application: n/a  Database: n/a  OS: n/a  Network: n/a

ITGC control objective: None
Application: n/a  Database: n/a  OS: n/a  Network: n/a

Functionality 4 SSL libraries encrypt cardholder data prior to transmission

For this step, we consider all transmission of cardholder data, not just to the payment processor.

Change/configuration risks:
Untested or unauthorized change results in cardholder data exposure (e.g., encryption, access controls, configurable settings).
Application: SSL functionality could be disabled in the application, resulting in cardholder data exposure.
Database: n/a. There is no database for the front-end order entry systems.
OS: SSL functionality could be disabled in the OS libraries, resulting in cardholder data exposure.
Network: n/a. No encryption functionality resides in the network, as all encryption is done end-to-end.

ITGC control objective:
Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes  Database: no  OS: yes  Network: no

Access risks:
Unauthorized access to front-end order entry systems results in cardholder data exposure. For example, unauthorized access is gained to accounts that can access cardholder data or decryption keys (e.g., administrative accounts, order entry accounts, etc.).
Application: Unauthorized use of administrative accounts results in cardholder data exposure.
Database: n/a. There is no database for the front-end order entry systems.
OS: Unauthorized use of administrative accounts results in cardholder data exposure.
Network: n/a. Unauthorized access to firewalls/networks is unlikely to cause exposure of cardholder data.
Physical data center access: Unauthorized physical access to servers/networks could result in exposure of cardholder data.

ITGC control objective:
All created accounts are authorized, existing accounts are owned by authorized personnel, and accounts are revoked appropriately.
Application: yes  Database: no  OS: yes  Network: no  Physical: yes

Operational risks:
Application and OS vulnerabilities could result in cardholder data exposure.
Application: New vulnerabilities could result in cardholder data exposure.
Database: n/a. There is no database.
OS: New vulnerabilities could result in cardholder data exposure.
Network: no
Exposure of cardholder data is unlikely to occur due to logging, unless someone makes a change that disables encryption.

ITGC control objective:
Vulnerability assessments are conducted periodically to prevent exposure of cardholder data.
Application: yes  Database: no  OS: yes  Network: no


Step 6 Identify the key ITGCs to test that address identified risk and related control objectives

Step 6 is left as an exercise for the adopter of this methodology. As an example, we show the ITGCs in support of Functionality 1 for change management.

Functionality 1 SSL libraries encrypt cardholder data transmitted to the processor

ITGC control objectives:
Changes are implemented following a change management process that identifies unauthorized or untested changes that are deployed into production:
Application: yes  Database: no  OS: yes  Network: no

ITGC controls:
- All changes to the application and OS are recorded on a change form and approved by management.
- All authorized changes are tested prior to implementation.
- A separate IT environment for production and non-production is maintained.
- A periodic review is performed to ensure that undocumented changes are investigated.
- and so forth.

Step 7 Perform a reasonable person holistic review of all key controls

Step seven is intended for the adopter to perform a reasonable person review of the risks, control objectives, and the controls identified as a result of applying this methodology. It is intended that the review includes a look at the overall PCI DSS compliance risk of the company, to evaluate the possibility that a key risk was overlooked. Evaluating any prior risk and control review reports may be included as a part of this assessment.

At this point, we have identified 1) the critical IT functionality and 2) where we have reliance on ITGCs. They are as follows:

Summary GAIT Matrix for combined Functionalities 1-4:

Layer                    Change/Configuration   Operations   Security/Logical Access
Application              Yes                    Yes          Yes
Database                 Yes
Operating system         Yes                    Yes          Yes
Network/infrastructure   Yes

Step 8 Determine the scope of the review and build an appropriate design and effectiveness testing program

This is left as an exercise for the GAIT-R adopter, following the organization's testing methodologies and format.


V. Conclusion

As evidenced in the results of applying GAIT-R to the two scenarios in this case study, the methodology works well for identifying the appropriate compliance requirements regardless of an organization's size or complexity. Applying a standard methodology to scoping PCI compliance will assist the auditor and those responsible for PCI compliance to focus on what is truly important to meeting the compliance objectives and minimizing risk to the organization.

