An Integrated Security Governance Framework for Effective PCI DSS Implementation

Authors:
Mathew Nicho;Hussein Fakhry;Charles Haiber
Affiliations:
University of Dubai, UAE;University of Dubai, UAE;Kent State University at Stark, USA
Venue:
International Journal of Information Security and Privacy
Year:
2011

Citing 9
Cited 0

COBIT and Its Utilization: A Framework from the Literature

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 8 - Volume 8
Re-Engineering IT Internal Controls: Applying Capability Maturity Models to the Evaluation of IT Controls

HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 08
Combining ITIL, COBIT and ISO/IEC 27002 in Order to Design a Comprehensive IT Framework in Organizations

AMS '08 Proceedings of the 2008 Second Asia International Conference on Modelling & Simulation (AMS)
Justifications, Strategies, and Critical Success Factors in Successful ITIL Implementations in U.S. and Australian Companies: An Exploratory Study

Information Systems Management
Information security and the law

Information Security Tech. Report
Challenges in Adopting and Integrating ITIL and CMMi in ICT Division of a Public Utility Company

ICCEA '10 Proceedings of the 2010 Second International Conference on Computer Engineering and Applications - Volume 01
Setting the Stage for a Successful ITIL Adoption: A Delphi Study of IT Experts in the Norwegian Armed Forces

Information Systems Management
A General Comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS Standards

Information Security Journal: A Global Perspective
A Survey of Payment Card Industry Data Security Standard

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards PCI DSS or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for 'information security' rather than data protection incorporating Control Objectives for Information and related Technology COBIT, Information Technology Infrastructure Library ITIL and ISO 27002.