An Integrated Security Governance Framework for Effective PCI DSS Implementation

Author:

Nicho Mathew1,Fakhry Hussein1,Haiber Charles2

Affiliation:

1. University of Dubai, UAE

2. Kent State University at Stark, USA

Abstract

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.

Publisher

IGI Global

Subject

Information Systems

Reference57 articles.

1. Three Models to Measure Information Security Compliance

2. Amato-McCoy, D. M. (2009). The next phase of PCI security. Chain Store Age, 48-49.

3. Quality model mania.;G. H.Anthes;Computerworld,2004

4. Baker, W., Dahn, M., Greiner, T., Hutton, A., Hylender, C. D., Lindstrom, P., et al. (2010). Verizon 2010 payment card industry compliance report. Retrieved from http://www.verizonbusiness.com/resources/reports/rp_2010-payment-card-industry-compliance-report_en_xg.pdf

5. Cater-Steel, A., & Tan, W.-G. (2005). Implementation of IT infrastructure library (ITIL) in Australia: Progress and success factors. Paper presented at the International IT Governance Conference, Auckland, New Zealand.

Cited by 5 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. Transforming Financial Management With Cloud Computing;Advances in Computer and Electrical Engineering;2024-06-21

2. Credit Card Transaction System Using Secured Software;Journal of Information Technology and Digital World;2024-03

3. Navigating Through Choppy Waters of PCI DSS Compliance;Cyber Security and Threats;2018

4. Feature-Based Variability Management for Scalable Enterprise Applications: Experiences with an E-Payment Case;2016 49th Hawaii International Conference on System Sciences (HICSS);2016-01

5. Navigating Through Choppy Waters of PCI DSS Compliance;Advances in Information Security, Privacy, and Ethics

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3