2. Conduct a preliminary gap analysis on the applicable framework.
3. Place remediation items into specific categories.
4. Determine parties responsible for the ownership of all remediation efforts.
5. Seek out products, tools, and services for remediation.
6. Identify external resources, where necessary.
8. Confirm, and test if necessary.
9. Bring in the QSA.
10. PCI is a moving target, so stay with it.
11. Assign ongoing roles and responsibilities.
12. Remember, compliance is important, but it's really about security.
Read the comprehensive white paper written by PCI-QSA Charles Denyer regarding his 12 Step PCI Remediation Action Plan.
About NDB and Charles Denyer
Charles Denyer is a member of NDB, a nationally recognized firm specializing in Regulation AB, Service Organization Control (SOC) reporting (SSAE 16, AT 101, Trust Services Principles | TSP), ISAE 3402, FISMA, NIST, HIPAA, ISO and PCI DSS compliance, along with many other regulatory compliance initiatives. He is also actively involved in numerous professional associations and organizations for a wide range of industries and business sectors, such as the American Nuclear Society (ANS), ISACA, and the Cloud Security Alliance (CSA), just to name a few.
Additionally, Charles holds numerous accounting and technology certifications along with a Master's in Information and Telecommunication Systems from the Johns Hopkins University and a Master's in Nuclear Engineering from the University of Tennessee at Knoxville. He has a keen interest in all topics related to information security, national security and homeland defense, and conducts independent research projects on specific subject matter for various entities. He can be reached at [email protected] or at 800-277-5415, ext. 705.
For the original version on PRWeb visit: http://www.prweb.com/releases/prweb2012/9/prweb9901991.htm