PCI DSS audit and compliance

被引：11

作者：

Ataya G. ^{[1
]}

机构：

[1] IT Management Education at Solvay Brussels, School of Economics and Management

来源：

Information Security Technical Report | 2010年 / 15卷 / 04期

关键词：

Data protection; Information security management; PCI-DSS audit compliance;

D O I：

10.1016/j.istr.2011.02.004

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

PCI DSS compliance involves responding to a series of requirements imposed by the credit card industry. To succeed, organisation must implement strict information security management processes and should master the risks related to the protection of credit card sensitive data. There are many actions that could be accomplished before hand to ease the audit process, to reduce the effort and time consumed by the audit engagement and to ensure audit conclusions reflect the exact risk posture of the organisation. © 2011 Published by Elsevier Ltd.

引用

页码：138 / 144

页数：6

共 11 条

[1] Business Model for Information Security, (2010)
[2] Bok C., Body of Knowledge for the CISM Examination, (2010)
[3] IT Governance and Assurance Framework
[4] Drew and Nair, Payment Card Industry Data Security Standard in the Real World
[5] Palgron G., Reducing PCI DSS Audit Scope by
[6] Information Security Governance: Guidance for Boards of Directors and Executive Management
[7] (2005)
[8] ITIL Information Technology Infrastructure Library, OGC
[9] Security Metrics: Guide for Information Technology Systems, (2003)
[10] Secure Application Development Training Organised since 2005 by KU Leuven and Solvay Brussels School of Economics and Management

← 1 2 →