The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements designed to ensure that all organizations that store, process, or transmit cardholder data do so in a secure environment.
Fileless malware can create “the uncertainty” that falls outside an established set of security controls. The potential threat of a fileless attack raises the risk to IT operations beyond the level acceptable for most organisations. Because it challenges traditional security products, fileless malware can be classified as an emerging threat, with potentially significant negative consequences, and for which an immediate countermeasure may not be available.
Although the EU GDPR adopts “risk-based compliance” (high/risk/low) and encourages formal risk analysis, it does not mention how organisations should evaluate, assess and measure the risk. The concept of “privacy by design” suggested by GDPR should be applicable to all new business initiatives and technology developments, but how should existing processes and environments be evaluated?