A Qualified Security Assessor (QSA) is a professional who helps organizations identify vulnerabilities in their cybersecurity infrastructure and who provides security awareness training (Schoenfield, 2015). QSAs are employed by independent QSA companies that have been accredited by the PCI Security Standards Council (PCI SSC). Accreditation is based on adherence to the Payment Card Industry Data Security Standard (PCI DSS).

A QSA company is established like any other business, but it must be a legal entity: it must have the legal capacity to enter into contracts and agreements, to incur and pay debts, to take responsibility for its actions, and to sue or be sued. The company must provide a business license stating its year of incorporation and the locations of its offices. It must also submit written statements disclosing any present or past convictions or accusations of criminal activity relevant to QSA work. Once the company has demonstrated independence, ethical conduct, and adequate insurance, it is approved by the PCI SSC.

The professionals who perform QSA assessments must demonstrate knowledge of, and experience in, security assessment. Each practitioner must hold one or more industry-recognized security certifications relevant to the work, together with substantial practical experience: at least one year of experience across several information security disciplines, including application security, information systems security, and network security. Attending the annual training programmes and passing the examinations designed by the PCI SSC for that training is also required. A practitioner who fails an examination must retake the assessment before being approved to practice.

Reference

Schoenfield, B. S. E. (2015). Securing Systems: Applied Security Architecture and Threat Models. CRC Press, an imprint of Taylor & Francis Group, an Informa business.