An Integrated Security Governance Framework for Effective PCI DSS Implementation

Mathew Nicho, Hussein Fakhry, Charles Haiber
Copyright © 2011 | Volume 5 | Issue 3 | 18 pages
ISSN: 1930-1650 | EISSN: 1930-1669 | EISBN13: 9781613507575 | DOI: 10.4018/jisp.2011070104
Citation (MLA): Nicho, Mathew, et al. "An Integrated Security Governance Framework for Effective PCI DSS Implementation." IJISP vol. 5, no. 3 (2011): pp. 50-67. http://doi.org/10.4018/jisp.2011070104

Abstract

This paper analyses the IT governance and security frameworks and standards used in IT assurance and security, and proposes an integrated framework for ensuring effective PCI DSS implementation. Merchants that handle credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS) or face penalties for non-compliance. As more transactions are based on credit cards, merchants are finding it costly and increasingly difficult to interpret and implement the PCI standard. One of the top reasons merchants fail a PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementing PCI DSS does not guarantee perfect protection, effective implementation of the PCI standard can be ensured by extending it into wider information security governance, giving a comprehensive view of information security that rests not only on security controls but also on security audit and control. The contribution of this paper is the development of an integrated, comprehensive security governance framework for ‘information security’ (rather than data protection alone) that incorporates Control Objectives for Information and related Technology (COBIT), the Information Technology Infrastructure Library (ITIL) and ISO 27002.
