An Analysis of the Fundamental Security Policies Under PCI DSS and COBIT


The PCI DSS Security Standards

The PCI DSS security standard is organised around six control objectives, all aimed at protecting cardholder data (Morse & Raval, 2008). The six objectives are: build and maintain a secure network so that transactions can take place safely; protect cardholder data wherever it is stored or transmitted; maintain a vulnerability management programme, including anti-malware software and securely developed systems, to protect systems against compromise; restrict and control access to cardholder data and system components strictly on a need-to-know basis; regularly monitor and test networks to confirm that the security measures remain operational; and maintain a formal information security policy that is adhered to at all times (Morse & Raval, 2008).

The Federal Information Security Management Act (FISMA)

On the other hand, the fundamental security policies of the Federal Information Security Management Act (FISMA) are set out in the E-Government Act of 2002, of which FISMA forms Title III (Hulitt & Vaughn, 2010). FISMA's main targets are federal agencies. It requires every federal agency to establish a programme that secures the information systems supporting the agency's operations and assets. FISMA security policies include security planning, certification and accreditation of systems together with the assignment of security responsibilities to named individuals, periodic review and testing of systems, and system risk assessment (Hulitt & Vaughn, 2010).

The COBIT Framework

COBIT is a widely adopted framework for governing information technology. According to Mataracioglu & Ozkan (2011), the fundamental security policy principles under the COBIT framework include: identifying the people with the authority to approve policies; defining the consequences of non-compliance with the policies that have been set; designing a framework for handling policy exceptions; developing a mechanism for monitoring policy compliance; and defining the scope of each policy and determining who has to adhere to it.

The Banking Industry and the Education Sector

For the second part of this analysis, the banking industry and the education sector are used as examples. The banking industry should adhere to the fundamental security policies outlined under PCI DSS, because banks process and store payment card transactions and therefore have to provide a secure framework for transactions in addition to general information security. The education sector, on the other hand, should adhere to the fundamental security policies outlined under COBIT. The reason is that the education sector is a policy-driven sector: most of its operations depend on defining, approving and monitoring adherence to set policies, which is precisely what the COBIT principles above govern.


Hulitt, E., & Vaughn, R. B. (2010). Information system security compliance to FISMA standard: a quantitative measure. Telecommunication Systems, 45(2-3), 139-152.

Mataracioglu, T., & Ozkan, S. (2011). Governing information security in conjunction with COBIT and ISO 27001. arXiv preprint arXiv:1108.2150.

Morse, E. A., & Raval, V. (2008). PCI DSS: Payment card industry data security standards in context. Computer Law & Security Review, 24(6), 540-554.

September 04, 2023
Subject area: Company Policy Security