The Payment Card Industry Data Security Standard (PCI DSS) isn't dramatically different from the requirements of the best-practice security standard, ISO 27001. The main difference is that PCI DSS doesn't mention any of the prerequisites of a management framework (management commitment, scope definition, security awareness training, ongoing improvement plans), whereas ISO 27001 omits much of the detail about how controls are actually implemented. One could therefore be forgiven for believing that MasterCard and Visa assumed PCI DSS would provide additional security requirements to sit on top of an already established Information Security Management System (ISMS).