Discussion Board Question
The security policies outlined by the Payment Card Industry Data Security Standard (PCI DSS) place major emphasis on protecting credit cards, including American Express, Visa, and MasterCard, so that the information exchanged during a transaction is secure and safe. Most services and products are available online, so users can pay for them online with credit cards. PCI DSS compliant systems are far better secured than any other policies for the management of transaction security. Processing isolation through segmentation and encryption are the two security measures this policy adheres to for enhancing security.
FISMA (Federal Information Security Management Act) helps assure the data and information regulated by the government itself. The framework introduced for enhancing IT security should be executed in four levels: level one covers progress in complying with the policies, the next level emphasizes having detailed procedures, the third covers procedure implementation, and the fourth focuses on evaluating the compliance of the existing system and assuring the security of the data and information.
COBIT (Control Objective for Information and Technology) is capable of assuring security in the private sector, and bringing the organization's policy into compliance with COBIT can help secure information exchange.
Karen Benson stated the policies set out by the three standards and explained how all three can enhance the security and privacy of the information exchanged when information technology is used for payments or any other operations. Benson explained that PCI DSS can be used within healthcare to manage data and information while securing information related to patients and their medical data. However, PCI DSS has standards and policies that are mostly suited to managing the information security of payments made via credit cards.
Nathal Gentry also raised concerns related to the three security standards proposed in the question for evaluating which sector is the best fit for compliance with the different policies. I completely agree with Gentry on the management of information security as applied in the selected sectors. Compliance with the standards in those sectors will allow organizations, federal agencies, and many other groups to secure their databases and protect the data and information related to their consumers. If the standards and the selected sectors comply with the existing system, then it will help enhance security without any future issues.