💼 12.2 Implement a risk-assessment process.
- Contextual name: 💼 12.2 Implement a risk-assessment process.
- ID: /frameworks/pci-dss-v3.2.1/12/02
- Located in: 💼 12 Maintain a policy that addresses information security for all personnel.
Description
This process:
- Is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.),
- Identifies critical assets, threats, and vulnerabilities, and
- Results in a formal, documented analysis of risk.
Examples of risk-assessment methodologies include but are not limited to OCTAVE, ISO 27005 and NIST SP 800-30.
Similar
- Internal
  - ID: dec-c-eddb5b24
- ID:
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|