PCI DSS defines a critical system as any system that is involved in the card payment process. Critical systems are used to transmit data, process card payments and store card data. Penetration testing should cover all assets used to manage the cardholder data environment (CDE), from the firewall to the authentication of users who access the data.
Author: Ken Lynch
Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.