![Sample our Economics, Finance,Business & Industry journals, sign in here to start your access, latest two full volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5931/TOC-Subject-Sample-2021-Economics-Finance-Business-Industry.jpg"})
Abstract
Notes
1. The source of this article is The IIA's “Case Studies of Using GAIT-R To Scope PCI Compliance.” Reprint with permission from The IIA.
2. “2008 DATA Breach investigations Report: Four Years of Forensics Research. More than 500 Cases. One Comprehensive Report,” Verizon Business Systems.
3. “Case Studies of Using GAIT for Business and IT Risk To Scope PCI Compliance,” The Institute of Internal Auditors, September 16, 2008.
4. “GAIT for Business and IT Risk (GAIT-R),” The Institute of Internal Auditors, March 2008.
5. GAIT can be used as guidance in any situation requiring a top-down and risk- based approach.
7. Although the secure socket layer (SSL) is solely mentioned in this article, there are other industry standard and home-grown encryption models that organizations use. However, many times in-house-developed models are typically flawed and vulnerable to cracking.
8. As an example of its wider applicability, GAIT-R requires the identification of all controls, including entity-level controls. However, PCI DSS compliance is more specific and does not require the review of entity-level controls.
9. Computing environment in these case studies extends the identification of the computing environment beyond the application and includes the hardware and software, which are not generally considered as an application.