Squeezing More Value From Your PCI Assessment

How do you use your PCI risk assessment?

Requirement 12.1 tells you to have “an annual process that identifies threats, and vulnerabilities, and results in a formal risk assessment.”  The questions for retailers and their CIOs are: What do you do with that risk assessment once you are done?  Do you use it to question your current practices and reduce your PCI scope?  Walter Conway looks at these issues on StorefrontBacktalk.