An Analysis of the Fundamental Security Policies Under PCI DSS and COBIT

The PCI DSS Security Standards

The PCI DSS security standards primarily focus on six major objectives aimed at optimizing the security features of personal information for cardholders (Morse & Raval, 2008). The six major objectives include; the presence of a secure network for safe transactions, protection of cardholder information in storage locations, protection of systems against hacking through the use of security software, access to system information should be strictly restricted and controlled, constant monitoring of the networks to ensure security measures are operational, and finally the formal information security protocol has to be adhered to always (Morse & Raval, 2008).

The Federal Information Security Management Act (FISMA)

On the other hand, the fundamental security policies central to the Federal Information Security Management Act (FISMA) are contained in the E-Government Act (Hulitt & Vaugn, 2010). In essence, FISMA's main targets are federal agencies. It requires that all federal agencies institute programs to provide security for information systems that are central to the operations of the particular agency. FISMA security policies include; planning for security, assigning security roles to certain individuals after accreditation and certification, periodic review of systems, and system risk assessment (Hulitt & Vaughn, 2010).

The COBIT Framework

COBIT is widely regarded as the most efficient practice of instituting the governance of information technology. According to Mataraciogly & Ozkan (2011), fundamental security principles under the COBIT framework include; selection of people with the authority to give a green light to policies, definition of the outcomes related to non-compliance with set policies, designing a framework to handle policy exceptions, the development of a system to monitor policy compliance, and defining the scope of a policy and determining who has to adhere to the said policies.

The Banking Industry and the Education Sector

For the second part of this analysis, the banking industry and the education sector are used. The banking industry should adhere to the fundamental security policies outlined under PCI DSS. This is because banks have to provide secure frameworks for transactions to take place in addition to information security. The education sector, on the other hand, should adhere to fundamental security policies outlined under COBIT. The reason for this is that the education sector is a policy sector. That is, most of the dynamics of this industry are dependent on adherence to the set policies.

References

Hulitt, E., & Vaughn, R. B. (2010). Information system security compliance to FISMA standard: a quantitative measure. Telecommunication Systems, 45(2-3), 139-152.

Mataracioglu, T., & Ozkan, S. (2011). Governing information security in conjunction with COBIT and ISO 27001. arXiv preprint arXiv:1108.2150.

Morse, E. A., & Raval, V. (2008). PCI DSS: Payment card industry data security standards in context. Computer Law & Security Review, 24(6), 540-554.