ITSS 4370 Lecture Notes - Lecture 11: Payment Card Industry Data Security Standard, Vulnerability Management, Cobit
Information Security
• HIPAA
• Laws to secure protected health information (patient health data)
• Audit
• PCI DSS
• Payment Card Industry Data Security Standard
• Defined by the major credit card issuers; applies to companies that accept, store, or process cardholder data
• Goals (each goal contains specific requirements)
• Build and maintain a secure network and systems
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy
How to Comply with PCI DSS
• Defined specific requirements for compliance validation and reporting
• Process validation
National Institute of Standards and Technology (US Department of Commerce)
• NIST: The National Institute of Standards And Technology
• Cybersecurity Framework
Framework
APQC Process Classification Framework (PCF)
• Most used process framework in the world
• Common language for organizations
• Free
APQC PCF Categories
• Develop Vision and Strategy
• Develop and Manage Products and Services
• Market and Sell Products and Services
• Deliver Physical Products
• ….
ISO on IT Governance
• ISO/IEC 38500:2015 Information technology – Governance of IT for the organization
• Direct, Evaluate, Monitor
COBIT 5
COBIT Framework
Document Summary
How to comply with PCI DSS: defined specific requirements for compliance validation and reporting; process validation. National Institute of Standards and Technology (US Department of Commerce): NIST; Cybersecurity Framework. APQC Process Classification Framework (PCF): most used process framework in the world; common language for organizations; free. APQC PCF categories: develop vision and strategy; develop and manage products and services; market and sell products and services; deliver physical products. ISO/IEC 38500:2015 Information technology – Governance of IT for the organization: direct, evaluate, monitor. COBIT 5: five principles, a way of dealing with control. 1. Meeting stakeholder needs: create value for their stakeholders. 2. Governance and management: governance ensures that enterprise objectives are achieved by evaluating. Now one complete business framework: audit, control, management, governance of enterprise IT. Logistics: sessions 1 to 14, MC and written responses, exam.