CSIS 340: Analyzing Security Standards and Policies Discussion

Added on  2023/06/10

Discussion Board Post
AI Summary
This document presents a student's contribution to a discussion board forum focusing on security standards and policies, specifically addressing Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA), and Control Objective for Information and Technology (COBIT). The discussion highlights the importance of these standards in protecting sensitive information, particularly in online transactions and government data management. The student analyzes the effectiveness of these policies and engages with classmates' perspectives, agreeing with the importance of compliance in enhancing data security across various sectors. The discussion emphasizes the role of processing isolation, encryption, and a multi-level implementation framework in ensuring robust IT security.
Running head: SECURITY STANDARDS AND POLICIES
Security Standards and Policies
Name of the Student
Name of the University
Author Note
Part 1 Discussion Board Question
Discussion Board Forum 4
The security policies outlined by the Payment Card Industry Data Security Standard (PCI DSS)
place major emphasis on protecting credit cards, including American Express, Visa, and
MasterCard, so that the information exchanged while making a transaction is secure and safe.
Most services and products are available online, so users can pay for them through online
payment with credit cards. PCI DSS compliant systems are far better secured than those under
any other policy for managing transaction security. Processing isolation through
segmentation and encryption are the two security measures this policy adheres to in order to
enhance security.
The FISMA (Federal Information Security Management Act) helps assure the data and
information regulated by the government itself. The framework it introduces for enhancing
IT security should be executed in four levels, as follows: level one covers progress in
complying with the policies, the next level emphasizes having detailed procedures, the
level after that covers procedure implementation, and finally, the fourth level focuses on
evaluating the compliance of the existing system and assuring the security of the data and
information.
The COBIT (Control Objective for Information and Technology) is capable of assuring
security in the private sector, and compliance of an organization's policy with COBIT can
help secure the exchange of information.
Part 2: Student Threads
Thread 1
Karen Benson described the policies of the three standards and explained how all three
can enhance the security and privacy of the information being exchanged through
information technology while making a payment or performing any other operation. Benson
explained that PCI DSS can be used within healthcare to manage data and information while
securing information related to patients and their medical data. However, PCI DSS has
standards and policies that are mostly suited to managing the security of information
related to payments made via credit cards.
Thread 2
Nathal Gentry also raised concerns about the three security standards proposed in the
question for evaluating which sector is the best fit for compliance with the different
policies. I completely agree with Gentry on the management of information security being
applied in the selected sectors. Compliance with the standards in those sectors will allow
organizations, federal agencies, and many other groups to secure their databases and
protect the data and information related to their consumers. If the standards and the
selected sectors comply with the existing system, then it will help enhance security
without any future issues.