Response to discussion post from another classmate CSIS 340-information security

***Please support your replies with scripture (citation)*****

Over the years, important standards have been implemented in order to make the job of IT professionals clearer and easier. One of these, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that has been implemented by payment brands. Its primary purpose is to create the necessary controls to monitor and enforce specified standard requirements in order to increase card security and reduce fraud. Another, the Federal Information Security Management Act of 2002 (FISMA) is a federal law in the United States that mandates the use of an information security and protection program. Its purpose is to reduce security risks of important government data while creating an efficient process that stays within budget. And lastly, the Control Objectives for Information and Related Technologies (COBIT) is a framework for managing information. It helps to develop, organize, and implement strategies in enterprise IT.    All of these standards help create clarity for IT professionals. FISMA, for example, includes risk categorization in order to assess the vulnerability of different information systems. This creates a clear goal for administrators to enforce, it sets a standard that must be kept. As an example, an office work computer in a government facility would be lower on the assessment since the information on it is likely to be mundane, and if the network is setup correctly it should be fairly isolated. A server that contains the information of congress members, on the other hand, is a likely target for hackers. Its standing on the risk assessment would be much higher than that of other machines. Of course, the work computer would still be considered- but not every computer in an expansive network can be completely locked down and monitored. The risk assessment implemented by FISMA helps IT determine which systems need the most attention. Likewise, the PCI DSS standard creates a degree of clarity as to the needs of a payment system. By implementing these needs according to the standard’s requirements, a safer environment is created, and the job of maintaining it is clear. The PCI DSS standard is one that can be applied, and is, widely across businesses. Since its use is primarily to increase security and reduce fraud in payment card transactions, even small retail stores can make use of PCI DSS. And since it is used by large card issuers such as MasterCard and American Express, the infrastructure is largely already there. Implementing the standard essentially only requires diligent adherence to existing protocols, so even small stores with little or no IT staff are able to implement it- so long as workers understand the system they’re given and how not to abuse it. 

PCI Security Standards Council Site – Verify PCI Compliance, Download Data Security and Credit Card Security Standards. (n.d.). Retrieved from https://www.pcisecuritystandards.org/pci_security/how

What is FISMA Compliance? FISMA Definition, Requirements, Penalties, and More. (2018, March 06). Retrieved from https://digitalguardian.com/blog/what-fisma-compliance-fisma-definition-requirements-penalties-and-more

White, S. K. (2017, December 22). What is COBIT? A framework for alignment and governance. Retrieved from https://www.cio.com/article/3243684/methodology-frameworks/what-is-cobit-a-framework-for-alignment-and-governance.html