Supporting PCI DSS 3.0 Compliance With COBIT 5
By Stefan Beissel, Ph.D., CISA, CISSP
The Payment Card Industry Data Security Standard (PCI DSS) aims to improve the security of cardholder data and applies wherever cardholder data or authentication data are stored, processed or transmitted. Implementing the enabling processes of COBIT 5 can support compliance with PCI DSS [1]. COBIT 5 assists enterprises in the governance and management of enterprise IT (GEIT) in general and, at the same time, supports the need to meet security requirements through its enabling processes and management activities. Mapping COBIT 5 enabling processes to the PCI DSS 3.0 security requirements makes it easier to apply COBIT 5 and PCI DSS 3.0 together and helps create synergies within the enterprise.
PCI DSS 3.0
PCI DSS was released by the PCI Security Standards Council (PCI SSC), a body founded by five global payment brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Alongside its data security requirements, PCI DSS specifies the testing procedures used to assess whether each requirement is met. In particular, the primary account number (PAN) is the defining factor for cardholder data: PCI DSS requirements apply wherever a PAN is stored, processed or transmitted.
Link for full JAN 2014 newsletter