A Best Practice Driven Approach to PCI DSS Compliance

Academic year: 2023

References

Alencar Rigon, E., Merkle Westphall, C., Ricardo dos Santos, D. and Becker Westphall, C., 2014. A cyclical evaluation model of information security maturity. Information Management & Computer Security, 22(3), pp.265-278.

Andersen, J.P., Prause, J. and Silver, R.C., 2011. A Step‐by‐Step Guide to Using Secondary Data for Psychological Research. Social and Personality Psychology Compass, 5(1), pp.56-75.

Bankar, P. & Verma, S., 2011. Mapping PCI-DSS v2.0 With COBIT 4.1. Journal Online, 2(April), pp.1–5.

Beissel, S., 2014. Supporting PCI DSS 3.0 Compliance with COBIT. COBIT Focus, 1(January), pp.14–20.

Blount, M., 2010. Compliance Standards in Data Security.

Borgman, B., Mubarak, S. and Choo, K.K.R., 2015. Cyber security readiness in the South Australian Government. Computer Standards & Interfaces, 37, pp.1-8.

Caralli, R.A., Allen, J.H. and White, D.W., 2010. CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience. Addison-Wesley Professional.

Cherdantseva, Y. and Hilton, J., 2013, September. A reference model of information assurance & security. In Availability, reliability and security (ares), 2013 eighth international conference on (pp. 546-555). IEEE.

Coertze, J. and von Solms, R., 2012. A model for information security governance in developing countries. In e-Infrastructure and e-Services for Developing Countries (pp. 279-288). Springer Berlin Heidelberg.

Curtis, B., Hefley, B. and Miller, S., 2009. People capability maturity model (P-CMM) version 2.0 (No. CMU/SEI-2009-TR-003). Carnegie-Mellon Univ Pittsburgh Pa Software Engineering Inst.

Dzazali, S., Sulaiman, A. and Zolait, A.H., 2009. Information security landscape and maturity level: Case study of Malaysian Public Service (MPS) organizations. Government Information Quarterly, 26(4), pp.584-593.

Esteves, J. and Joseph, R.C., 2008. A comprehensive framework for the assessment of eGovernment projects. Government information quarterly, 25(1), pp.118-132.

Fallis, A., 2013. Peer Review Handbook. Journal of Chemical Information and Modeling, 53(9), pp.1689–1699.

Ferraiolo, K., 1996. The Systems Security Engineering Capability Maturity Model. In Model, in proc. of the 19th national information systems security conference.

Ghaisas, S., Motwani, M., Balasubramaniam, B., Gajendragadkar, A., Kelkar, R. and Vin, H., 2015, August. Towards automating the security compliance value chain. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (pp. 1014-1017). ACM.

Gillies, A., 2011. Improving the quality of information security management systems with ISO27000. The TQM Journal, 23(4), pp.367-376.

Global Cyber Security Capacity Centre University of Oxford 2014, Cyber Security Capability Maturity Model (CMM) - Pilot.

Goodwin, C.J., 2009. Research in psychology: Methods and design. John Wiley

Government of the Hong Kong Special Administrative Region, 2008. An Overview of Information Security Standards., (February), p.19.

Guédria, W., Naudet, Y. and Chen, D., 2011. Maturity Model as decision support for enterprise interoperability. In On the Move to Meaningful Internet Systems: OTM 2011 Workshops (pp. 604-608). Springer Berlin/Heidelberg.

International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 2013, Information Security Management System (ISMS) - Requirements.

International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 2013, Information Security Management System (ISMS) - Code of practice for information security controls.

ISACA, 2013. A Business Framework for the Governance and Management of Enterprise IT.

ISO 2008, Systems Security Engineering Framework for Assurance Information Systems Security Engineering Association (ISSEA).

Johnston, M.P., 2014. Secondary Data Analysis: a method of which the time has come. Qualitative and Quantitative Methods in Libraries (QQML), 3, pp.619-626.

Karokola, G., Kowalski, S. and Yngström, L., 2011, August. Towards An Information Security Maturity Model for Secure e-Government Services: A Stakeholders View. In HAISA (pp. 58-73).

Koziol, N. and Arthur, A., 2011. An Introduction to Secondary Data Analysis. Nebraska Center for Research.

Lee, G. and Kwak, Y.H., 2012. An open government maturity model for social media-based public engagement. Government Information Quarterly, 29(4), pp.492-503.

Lessing, M.M., 2008. Best practices show the way to Information Security Maturity.

Long-Sutehall, T., Sque, M. and Addington-Hall, J., 2010. Secondary analysis of qualitative data: a valuable method for exploring sensitive issues with an elusive population?. Journal of Research in Nursing.

Lovrić, Zrinka 2012, Model of Simplified Implementation of PCI DSS by Using ISO 27001 Standard. , pp.347–351.

Matrane, O. & Talea, M., 2014. Towards A New Maturity Model for Information Security Management. , 4(6), pp.71–78.

Mayer, J. and Fagundes, L.L., 2009, June. A model to assess the maturity level of the risk management process in information security. In Integrated Network Management-Workshops, 2009. IM'09. IFIP/IEEE International Symposium on (pp. 61-70). IEEE.

National Initiative for Cybersecurity Education 2013. Cybersecurity Capability Maturity Model White Paper.

Park, J.O., Kim, S.G., Choi, B.H. and Jun, M.S., 2008, August. The study on the maturity measurement method of security management for ITSM. In Convergence and Hybrid Information Technology, 2008. ICHIT'08. International Conference on (pp. 826-830). IEEE.

Payment Card Industry (PCI) 2013, Data Security Standard Requirements and

PCI 2013, Payment Card Industry (PCI) Data Security Standard, Version 3.0.

Pereira, T.S.M. and Santos, H., 2010, August. A Security Framework for Audit and Manage Information System Security. In Web Intelligence and Intelligent Agent Technology (WI-IAT), 2010 IEEE/WIC/ACM International Conference on (Vol. 3, pp. 29-32). IEEE.

Ramanauskaitė, S. et al., 2014. Visualization of Mapped Security Standards for Analysis and Use Optimisation. , 6(5), pp.3–7.

Ramanauskaitė, S., Olifer, D., Goranin, N. and Čenys, A., 2013. Security ontology for adaptive mapping of security standards. International Journal of Computers, Communications & Control (IJCCC), 8(6), pp.813-825.

Randeree, K., Mahal, A. and Narwani, A., 2012. A business continuity management maturity model for the UAE banking sector. Business Process Management Journal, 18(3), pp.472-492.

Rebollo, O., Mellado, D. and Fernández-Medina, E., 2012. A Systematic Review of Information Security Governance Frameworks in the Cloud Computing Environment. J. UCS, 18(6), pp.798-815.

Rex, D.K., Ahnen, D.J., Baron, J.A., Batts, K.P., Burke, C.A., Burt, R.W., Goldblum, J.R., Guillem, J.G., Kahi, C.J., Kalady, M.F. and Michael, J.O., 2012. Serrated lesions of the colorectum: review and recommendations from an expert panel. The American journal of gastroenterology, 107(9), pp.1315-1329.

Rodriguez, E.A., 2004. Concepts of model verification and validation (No. LA-14167). Los Alamos National Lab., Los Alamos, NM (US).

Saleh, M.F., 2011. Information Security Maturity Model. , (5), pp.316-337.

Schieferdecker, I., Grossmann, J. & Schneider, M., 2012. Model-Based Security Testing. Electronic Proceedings in Theoretical Computer Science, 80(Mbt), pp.1–12.

Shafique, F. and Mahmood, K., 2010. Model development as a research tool: An example of PAK-NISEA.

Shareef, M.A., Kumar, V., Kumar, U. and Dwivedi, Y.K., 2011. e-Government Adoption Model (GAM): Differing service maturity levels. Government Information Quarterly, 28(1), pp.17-35.

Sharma, N.K. and Dash, P.K., 2012. Effectiveness Of Iso 27001, As An Information Security Management System: An Analytical Study Of Financial Aspects. Far East Journal of Psychology and Business, 9(5), pp.57-71.

Shihab, M.R. and Misdianti, F., 2014, October. Moving towards PCI DSS 3.0 compliance: A case study of credit card data security audit in an online payment company. In Advanced Computer Science and Information Systems (ICACSIS), 2014 International Conference on (pp. 151-156). IEEE.

Solar, M. et al., 2015. International Forum of Educational Technology & Society A Maturity Model for Assessing the Use of ICT in School Education A Maturity Model for Assessing the Use of ICT in School Education. , 16(1), pp.206–218.

Spier, R., 2002. The history of the peer-review process. Trends in Biotechnology, 20(8), pp.357–358.

Spremić, M., 2013. Holistic Approach for Governing Information System Security. In Proceedings of the World Congress on Engineering (Vol. 2).

Stevanovi, B., 2011. Maturity Models in Information Security. International Journal of Information and Communication Technology Research, 1(2), pp.44–47.

Susanto, H., Almunawar, M.N. and Tuan, Y.C., 2012. A novel method on ISO 27001 reviews: ISMS compliance readiness level measurement. arXiv preprint arXiv:1203.6622.

Susanto, H., Almunawar, M.N. and Tuan, Y.C., 2011. Information security management system standards: A comparative study of the big five. International Journal of Electrical Computer Sciences IJECSIJENS, 11(5), pp.23-29.

Thacker, B.H., Doebling, S.W., Hemez, F.M., Anderson, M.C., Pepin, J.E. and

The National Institute of Standards and Technology, 2007. NISTIR 7358: Program Review for Information Security Management Assistance (PRISMA). , pp.1–60.

Van Oosten, C., Baritchi, A. & van Koten, R., 2015. Verizon 2015 PCI Compliance Report.

Virtue, Timothy M. 2009, Payment Card Industry Data Security Standard Handbook.

Wendler, R., 2012. The maturity of maturity model research: A systematic mapping study. Information and software technology, 54(12), pp.1317-1339.

White, G.B., 2011, November. The community cyber security maturity model. In Technologies for Homeland Security (HST), 2011 IEEE International Conference on (pp. 173-178). IEEE.

Woodhouse, S., 2008. Critical Success factors for an Information Security Management System. 5th International Conference on Information Technology and Applications ICITA 2008, (Icita), pp.244–249.
