This paper analyses the IT governance and security frameworks and standards used in IT assurance and security in order to propose an integrated framework for effective PCI DSS implementation. Merchants that accept credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS) or face penalties for non-compliance. As more transactions are card-based, merchants find the PCI standard increasingly costly and difficult to interpret and implement. One of the most frequently cited reasons for merchants failing a PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementing the PCI DSS does not guarantee complete protection, effective implementation of the PCI standard can be supported by extending it into wider information security governance, giving a comprehensive view of information security that covers not only security controls but also security audit and control. The contribution of this paper is the development of an integrated, comprehensive security governance framework for information security as a whole, rather than for data protection alone, that incorporates Control Objectives for Information and related Technology (COBIT), the Information Technology Infrastructure Library (ITIL) and ISO 27002.