PCI DSS security gap analysis is a critical phase in the Business Continuity Planning process and is a form of risk assessment for companies with PCI DSS requirements. The security gap analysis service is designed to determine the differences between the present state of information security within an enterprise and its ideal state.
One of the preferred methods of performing this security gap analysis is to ask a series of probing questions, in the manner of a security audit, such as the following:
- Are all enterprise servers housed in a restricted area, such as a computer room?
- Is access to the server room limited to essential personnel?
- Are biometric access controls employed to govern entry?
- Is the server room monitored by video surveillance cameras?
- How many attempts at unauthorized access are routinely recorded, and how are these incidents investigated?

An information security-related gap analysis identifies information security gaps that may exist within an organization by comparing the current information security stance against industry best practices, standards, and regulations. However, gap analysis is not a standalone process. It is a step, albeit a strategic one, in the development of a Business Continuity Plan (BCP).
While there is a natural tendency to focus on network security, ensuring proper protection from viruses, worms, and other forms of malware that propagate over the Internet, an information security gap analysis is not complete without considering other common, but often overlooked, exposures, such as laptop security, physical security, and personnel security.
If you would like to find out how the PCI/DSS Gap Analysis Service can benefit your company, or would like more information about our service, please contact our security experts for a free quick consultation.